I am trying to hide part of the API (DRF) from AbstractUser.
This is my models.py:

    from django.contrib.auth.models import AbstractUser
    from django.db import models

    class Company(models.Model):
        name = models.TextField()

    class User(AbstractUser):
        company = models.ForeignKey(Company, null=True)

Here is serializers.py:

    from rest_framework import serializers
    from .models import Company, User

    class CompanySerializer(serializers.ModelSerializer):
        class Meta:
            model = Company

    class UserSerializer(serializers.ModelSerializer):
        class Meta:
            model = User
            fields = (
                'username', 'email', 'company', 'first_name', 'last_name',
                'date_joined', 'last_login', 'is_active',
                'is_staff', 'groups', 'user_permissions'
            )

views.py:
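
    from rest_framework import generics
    from .models import Company, User
    from .serializers import CompanySerializer, UserSerializer

    class CompanyList(generics.ListCreateAPIView):
        model = Company
        serializer_class = CompanySerializer

    class UserList(generics.ListCreateAPIView):
        model = User
        serializer_class = UserSerializer
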
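So what I want is to get the JSON of AbstractUser, but he should only be able to see the company he is assigned to.
How can I achieve this? I tried using def has_object_permission(), but I'm not sure how to go about it.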