i wold personalize api_root list based on current user permissions, not endpoints visible level users.
ex.:
router.register(r'users',views.userviewset, base_name='users') router.register(r'groups', views.groupviewset, base_name='groups') router.register(r'schedules', views.callschedulesviewset, base_name='schedules') urlpatterns = [ url(r'^', include(router.urls)), ... ] for "superuser" list should be:
- users
- groups
- schedules
but "normaluser" list should be:
- schedules
i have solved using following approach, maybe not elegant, serves example.
urls.py
router = routers.defaultrouter() router.register(r'users', views.userviewset, base_name='users') router.register(r'groups', views.groupviewset, base_name='groups') router.register(r'schedules', views.schedulesviewset, base_name='schedules') urlpatterns = [ url(r'^$', views.apiroot.as_view()), url(r'', include(router.urls)), ... ] views.py
from rest_framework.views import apiview rest_framework.response import response class apiroot(apiview): """ api root ... """ def get(self, request): data = { "users": "http://localhost:8000/users/", "groups": "http://localhost:8000/groups/", "schedules": "http://localhost:8000/schedules/", } if not request.user.is_superuser: data.pop("users") data.pop("groups") return response(data) 
Comments
Post a Comment