14
A bit late but maybe this will help somebody.
My solution was to override update_in_place and check for the data passed.
from tastypie.resources import ModelResource
from tastypie.exceptions import BadRequest
class MyResource(ModelResource):
class Meta:
...
allowed_update_fields = ['field1', 'field2']
def update_in_place(self, request, original_bundle, new_data):
if set(new_data.keys()) - set(self._meta.allowed_update_fields):
raise BadRequest(
'Only update on %s allowed' % ', '.join(
self._meta.allowed_update_fields
)
)
return super(MyResource, self).update_in_place(
request, original_bundle, new_data
)
1
Since you seem to have authorization for users in place already, you should be able to implement this by adding to the Meta class in your ModelResource. For example, using the DjangoAuthorization (from tastypie docs):
from tastypie.authentication import BasicAuthentication
from tastypie.authorization import DjangoAuthorization
...
class SomeResource(ModelResource):
...
class Meta:
...
authentication = BasicAuthentication()
authorization = DjangoAuthorization()
This example would give you user authorization for actions as defined in django.contrib.auth.models.Permission.
I also had this from the tastypie Google Group. It uses the dehydrate method. Here is the example provided in the Google Groups link:
def dehydrate(self, bundle):
bundle = super(self, MyResource).dehydrate(bundle)
# exclude the restricted field for users w/o the permission foo
if not bundle.request.user.has_perm('app.foo'):
del bundle.data['restricted']
return bundle
- [Django]-How do I include an external CSS file as a rule for a class inside a .scss file?
- [Django]-Refactor this Python code to iterate over a container
- [Django]-No matter what I do, django-admin.py is not found, even though it's in my path
- [Django]-Best approach to handle concurrency in Django for eauction toy-app
- [Django]-Getting error while running django-cms demo page
Source:stackexchange.com