It's possible give delete permissions only for a m2m field of my model? Let's think in:
class Site(models.Model):
name = models.CharField(max_length=50)
favourited_by = models.ManyToManyField(User)
If i write this ModelResource:
class SiteResource(ModelResource):
class Meta:
queryset = Site.objects.all()
resource_name = 'Site'
allowed_methods = ['post', 'get', 'delete']
I'm giving delete permissions for the whole model, but i only want to be able to delete entries from "favourited_by" field. There's some way to achieve this?
Doing a delete on that endpoint, by definition, should delete the whole object.
But if you are looking for a custom behaviour, then you could override obj_delete with something like:
def obj_delete(self, bundle, **kwargs):
# Get the object and raise NotFound if couldn't find
try:
bundle.obj = self.obj_get(bundle=bundle, **kwargs)
except ObjectDoesNotExist:
raise NotFound("A model instance matching the provided arguments could not be found.")
#Here you should do any kind of validation before deleting
# And then remove using the parameter you passed (for example user_id)
bundle.obj.favourited_by.remove(User.objects.get(id=bundle.data['user_id'])) #pass in the user_id
return