How can I apply a filter to a nested resource in Django REST framework?

django django-rest-framework

Solution 1:

I'm faced with the same scenario. The best solution that I've found is to use a SerializerMethodField and have that method query and return the desired values. You can have access to request.user in that method through self.context['request'].user.

Still, this seems like a bit of a hack. I'm fairly new to DRF, so maybe someone with more experience can chime in.

Solution 2:

You have to use filter instead of get, otherwise if multiple record return you will get Exception.

current_user_zone_permission = serializers.SerializerMethodField('get_user_zone_permission')

def get_user_zone_permission(self, obj):
    user = self.context['request'].user
    zone_permission = ZonePermission.objects.filter(zone=obj, user=user)
    serializer = ZonePermissionSerializer(zone_permission,many=True)
    return serializer.data

Solution 3:

Now you can subclass the ListSerializer, using the method I described here: https://stackoverflow.com/a/28354281/3246023

You can subclass the ListSerializer and overwrite the to_representation method.

By default the to_representation method calls data.all() on the nested queryset. So you effectively need to make data = data.filter(**your_filters) before the method is called. Then you need to add your subclassed ListSerializer as the list_serializer_class on the meta of the nested serializer.

  1. subclass ListSerializer, overwriting to_representation and then calling super
  2. add subclassed ListSerializer as the meta list_serializer_class on the nested Serializer

Solution 4:

If you're using the QuerySet / filter in multiple places, you could use a getter function on your model, and then even drop the 'source' kwarg for the Serializer / Field. DRF automatically calls functions/callables if it finds them when using it's get_attribute function.

class Zone(models.Model):
    name = models.SlugField()

    def current_user_zone_permission(self):
        return ZonePermission.objects.get(zone=self, user=user)

I like this method because it keeps your API consistent under the hood with the api over HTTP.

class ZoneSerializer(serializers.HyperlinkedModelSerializer):
    current_user_zone_permission = ZonePermissionSerializer()

    class Meta:
        model = Zone
        fields = ('name', 'current_user_zone_permission')

Hopefully this helps some people!

Note: The names don't need to match, you can still use the source kwarg if you need/want to.

Edit: I just realised that the function on the model doesn't have access to the user or the request. So perhaps a custom model field / ListSerializer would be more suited to this task.

Related

Does "Avoid dependency injection frameworks" in the Android Memory Guide apply to Dagger as well?
C++ cache aware programming
Difference between AsyncTask and Thread/Runnable
How does glDrawArrays know what to draw?
How can I rebase multiple branches at once?
Changes using mutable reference of a field are not reflected after move of the original instance
HTTP Expires header values "0" and "-1"
At least one JAR was scanned for TLDs yet contained no TLDs
Git checkout does not change anything
Transactions for read-only DB access?
Cloning dual boot drive
Network Manager 0.8.999 and Ubuntu One