在GET中隐藏password字段,而不是在Django REST框架中隐藏POST,其中serializ中的depth=1

2024-10-01 11:21:52 发布

您现在位置:Python中文网/ 问答频道 /正文
11488 3

我有两个模型:用户和用户摘要。UserSummary具有User的外键。我刚刚注意到,如果我在UserSummarySerializer内设置depth= 1,那么输出中将包含密码字段。它是散列的,但最好还是排除这个字段。在

为了隐藏password字段,我在序列化程序中显式设置了user字段,如下所示:

class UserSerializer(serializers.ModelSerializer):
    """A serializer for our user profile objects."""

    class Meta:
        model = models.User
       extra_kwargs = {'password': {'write_only': True}}
        exclude = ('groups', 'last_login', 'is_superuser', 'user_permissions', 'created_at')

    def create(self, validated_data):
        """Create and return a new user."""

        user = models.User(
            email = validated_data['email'],
            firstname = validated_data['firstname'],
            lastname = validated_data['lastname'],
            mobile = validated_data['mobile']
        )

        user.set_password(validated_data['password'])
        user.save()

        return user


class UserSummarySerializer(serializers.ModelSerializer):
    user = UserSerializer()

    class Meta:
        model = models.UserSummary
        fields = '__all__'
        depth = 1

这种方法的缺点是,在创建新用户时,POST请求中的字段密码不再可用。在

如何隐藏UserSummary的GET请求上的password字段,而在User的POST请求中显示它?在


Tags: 用户密码datamodelspasswordclassdepthserializers
3条回答
网友
1楼 · 编辑于 2024-10-01 11:21:52
class UserSerializer(serializers.ModelSerializer):

    class Meta:
        model = User

    def to_representation(self, obj):
        rep = super(UserSerializer, self).to_representation(obj)
        rep.pop('password', None)
        return rep
网友
2楼 · 编辑于 2024-10-01 11:21:52

这里的诀窍是在“fields”元组中包含“password”字段,以便密码同时显示在“GET”和“POST”中,然后添加“extra_kwargs”以强制“password”字段仅以“POST”形式出现。代码如下:

class UserSerializer(serializers.HyperlinkedModelSerializer):
    class Meta:
        model = User
        fields = ('url', 'username', 'email',
              'is_active', 'is_staff', 'is_superuser', 'password',)

        # These fields are displayed but not editable and have to be a part of 'fields' tuple
        read_only_fields = ('is_active', 'is_staff', 'is_superuser',)

        # These fields are only editable (not displayed) and have to be a part of 'fields' tuple
        extra_kwargs = {'password': {'write_only': True, 'min_length': 4}}
网友
3楼 · 编辑于 2024-10-01 11:21:52

当您将所有函数序列化器都设置为一个时,这很复杂,在这种情况下,我将创建一个UserCreateSerializer

class UserCreateSerializer(serializers.ModelSerializer):
    """A serializer for our user profile objects."""

    class Meta:
        model = models.User
        extra_kwargs = {'password': {'write_only': True}}
        fields = ['username', 'password', 'email', 'firstname', 'lastname', 'mobile'] # there what you want to initial.

    def create(self, validated_data):
        """Create and return a new user."""

        user = models.User(
            email = validated_data['email'],
            firstname = validated_data['firstname'],
            lastname = validated_data['lastname'],
            mobile = validated_data['mobile']
        )

        user.set_password(validated_data['password'])
        user.save()

        return user

然后您可以在您的UserCreateAPIView中使用UserCreateSerializer。在

相关问题 更多 >

    编程相关推荐