Zoltán Szalai
unread,Nov 10, 2016, 12:34:19 PM11/10/16Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to django-res...@googlegroups.com
Hi,
How would you handle the below scenario on a serializer (and/or any
other) level?
John, Jack and James are managers of a vehicle fleet. The fleet produces
trips.
The real trip data looks like this (it's far more compilcated in real
but this is enough to demonstrate the problem):
{
"id": 1,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Work"
},
{
"id": 2,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Private"
},
{
"id": 3,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Work"
},
{
"id": 4,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Private"
}
John should see:
{
"id": 1,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Work"
},
{
"id": 2,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Private"
},
{
"id": 3,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Work"
},
{
"id": 4,
"driver": "Jack",
"start_location_address": "",
"end_location_address": "",
"category": "Private"
}
Jack should see:
{
"id": 1,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Work"
},
{
"id": 2,
"driver": "John",
"start_location_address": "",
"end_location_address": "",
"category": "Private"
},
{
"id": 3,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Work"
},
{
"id": 4,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Private"
}
James should see:
{
"id": 1,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Work"
},
{
"id": 2,
"driver": "John",
"start_location_address": "",
"end_location_address": "",
"category": "Private"
},
{
"id": 3,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Work"
},
{
"id": 4,
"driver": "Jack",
"start_location_address": "",
"end_location_address": "",
"category": "Private"
}
So the private fields are "start_location_address" and
"end_location_address". They should only be available for the driver of
the trip if the trip is private.
Removing the private fields is also ok instead of returning empty strings.
I'm thinking on something like this but it feels a bit evil:
Inside the __init__ of the serializer I'd do something like this:
is_many = getattr(self.instance, "id", None) is None
if is_many:
objects = self.instance
else:
try:
objects = [self.instance]
except IndexError:
objects = []
request = self.context['request']
request_user = request.user
for o in objects:
if o.category == 'Private' and o.driver != request_user:
o.start_location_address = "" # or delattr(o,
"start_location_address")
o.end_location_address = "" # or delattr(o,
"end_location_address")
Is there a clean(er) way to handle this?
What about caching etc.?
What do you think in general?
Thanks in advance
Zoltan Szalai