I'm using tastypie with the DjangoAuthorization method.
I have a StudentResource like this :
class StudentResource(ModelResource):
friends = fields.ToManyField(StudentResource, 'friends', null=True)
class Meta:
queryset = Student.objects.all()
resource_name = 'student'
authorization = DjangoAuthorization()
So each of my student has many friends.
Now, I'd like to return, when my user is making an API call only his friends. (based on his django id). (I don't want to just add a filter to my Ressource, I really want the user to be only able to access to his friends)
I could override the GET method using the get_list tastypie function, but it seems pretty ugly.
So what is the good way to do that ?
Thx !
Actually, the good way to do that is to create a custom Authorization for the StudentResource.
Here's the tastypie doc explaining that : http://django-tastypie.readthedocs.org/en/latest/authorization.html