How to not allow additional properties


Daniel Chimeno

Jan 15, 2018, 11:43:51 AM
to Django REST framework
Hello!

How could I deny requests that have additional properties?
Example:

class IntervalSerializer(serializers.Serializer):
    month = serializers.DateField(format='%Y-%m', input_formats=['%Y-%m'])
    day_of_week = serializers.IntegerField(min_value=1, max_value=7)
    start_hour = serializers.IntegerField(min_value=0, max_value=24)
    end_hour = serializers.IntegerField(min_value=1, max_value=24)

I would like to allow incoming requests like:
{'month': '2017-03', 'day_of_week': 7, 'start_hour': 3, 'end_hour': 2}


but to not allow incoming requests like:
{'month': '2017-03', 'day_of_week': 7, 'start_hour': 3, 'end_hour': 2, 'another_attribute': 3}


Thanks!

Jani Tiainen

Jan 15, 2018, 11:58:24 PM
to django-res...@googlegroups.com
Hi,

Is there a reason you want to reject requests with extra data rather than just ignore extra values?

One way to do that could be whitelisting allowed params per view but that you have to do yourself. You could probably use DRF authentication API for that.


Daniel Chimeno

Jan 16, 2018, 10:21:19 AM
to Django REST framework
Hi, thanks for the response.
The reason is that I'm migrating a previous API design that does that, so I'm keeping it that way.
I've asked just in case there were a more generic solution for that.

It just came to my mind: is there a way to view the fields that are in a declared serializer?

In this example:
class IntervalSerializer(serializers.Serializer):
    month = serializers.DateField(format='%Y-%m', input_formats=['%Y-%m'])
    day_of_week = serializers.IntegerField(min_value=1, max_value=7)
    start_hour = serializers.IntegerField(min_value=0, max_value=24)
    end_hour = serializers.IntegerField(min_value=1, max_value=24)


something like:
qs = IntervalSerializer().defined_fields()

could work to build the whitelist of allowed params.

Matemática A3K

Jan 17, 2018, 12:05:27 PM
to django-res...@googlegroups.com

You can get those in the Meta, like you would do with a Django model or a Form.
With that you can "subtract" the fields from the request data. If there are remaining fields in the data you have "extra data" and you can raise something or act accordingly.
 




