[Fixed]-Django REST Framework serializers: readable and kinda writable

1👍

✅

As I see it, this is a bit of a different problem. The only thing you should care about is making sure all write requests require authorization. No one should be allowed to put anything into your DB except those with the proper permissions, while those who have them are considered trusted users, and you should not be concerned that they can post something bad to your DB.

DRF includes token authentication, session authentication and other auth methods that you can use in combination with Permissions. You must make all POST, PUT and DELETE requests protected by the permissions system; otherwise your API is extremely vulnerable.

And if I recall correctly, the primary key on a ModelSerializer is read-only by default.

👤abcdn
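Added example, not code from either answer: a custom DRF permission class that enforces the rule described above (anyone may read, only authenticated users holding the matching Django model permission may write). The class name, the `app_label`/`model_name` attributes on the view, and the Fake* stand-ins are assumptions; DRF's built-in `DjangoModelPermissions` applies a similar verb-to-permission mapping.

```python
try:
    from rest_framework.permissions import BasePermission, SAFE_METHODS
except Exception:  # DRF missing or Django not configured: stand-in so the logic still runs
    SAFE_METHODS = ("GET", "HEAD", "OPTIONS")

    class BasePermission:
        def has_permission(self, request, view):
            return True

class ReadAnyWriteAuthorized(BasePermission):
    """Anyone may read; writes need an authenticated user holding the
    Django model permission for that verb (app_label.<action>_<model>)."""

    perms_map = {"POST": "add", "PUT": "change", "PATCH": "change", "DELETE": "delete"}

    def has_permission(self, request, view):
        if request.method in SAFE_METHODS:
            return True
        user = getattr(request, "user", None)
        if user is None or not user.is_authenticated:
            return False
        action = self.perms_map.get(request.method)
        if action is None:  # unknown verb: deny rather than guess
            return False
        return user.has_perm(f"{view.app_label}.{action}_{view.model_name}")

# Constructed stand-ins (assumptions) for a user, request and view so the
# class can be exercised without a running Django project.
class FakeUser:
    def __init__(self, authenticated, perms=()):
        self.is_authenticated = authenticated
        self._perms = set(perms)

    def has_perm(self, perm):
        return perm in self._perms

class FakeRequest:
    def __init__(self, method, user):
        self.method, self.user = method, user

class FakeView:
    app_label, model_name = "shop", "product"  # assumed view attributes

def allowed(method, user):
    """True if ReadAnyWriteAuthorized lets this user use this HTTP verb."""
    return ReadAnyWriteAuthorized().has_permission(FakeRequest(method, user), FakeView())
```

In a real project the class is attached with `permission_classes = [ReadAnyWriteAuthorized]` on the view or viewset, alongside the token or session authentication the answer mentions.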

0👍

from rest_framework.serializers import ModelSerializer
from .models import Product  # assumes Product is defined in this app's models module

class ProductSerializer(ModelSerializer):
    class Meta:
        model = Product
        fields = ('id', ...)
        read_only_fields = ('id',)  # 'id' is serialized on output but ignored on create/update
👤Ykh
