Search code examples
djangodjango-modelsdjango-rest-frameworkdjango-permissions

DRF : how to add user permissions to user detail api?

So I am writing a UserDetails view as follows. 

class UserDetailsView(RetrieveUpdateAPIView):
    serializer_class = AuthUserSerializer

    def get_object(self):
        return self.request.user

My Serializers are as follows. 

class PermissionSerializer(serializers.ModelSerializer):
    class Meta:
        model = Permission
        fields = ('id', 'name', 'codename')


class GroupSerializer(serializers.ModelSerializer):
    class Meta:
        model = Group
        fields = ('id', 'name')

class AuthUserSerializer(serializers.ModelSerializer):

    groups = GroupSerializer(many=True) 
    # permissions = PermissionSerializer(many=True)
    # permissions = serializers.PrimaryKeyRelatedField(many=True, queryset=Permission.objects.all())

    class Meta:
        model = User
        fields = ('id', 'username', 'first_name', 'last_name', 'email', 
            'is_staff', 'is_active', 'is_superuser', 'last_login', 
            'date_joined', 'groups', 'user_permissions')

groups = GroupSerializer(many=True) gives me following. 

"groups": [
        {
            "id": 2,
            "name": "A"
        },
        {
            "id": 1,
            "name": "B"
        },
        {
            "id": 3,
            "name": "C"
        }
    ],

I expect the similar from permissions = PermissionSerializer(many=True) but I get the following error. 

Got AttributeError when attempting to get a value for field `permissions` on serializer `AuthUserSerializer`.
The serializer field might be named incorrectly and not match any attribute or key on the `User` instance.
Original exception text was: 'User' object has no attribute 'permissions'.

but instead, if add user_permissions to the fields directly without adding related reference it gives me all ids of permissions. I want to have id, name, codename also. And, Of course, UserPermissions model is not found. ;-(

How do I fix this?

Solution

  • You can use source parameter on the Serializer.

    class AuthUserSerializer(serializers.ModelSerializer):

    groups = GroupSerializer(many=True) 
    permissions = PermissionSerializer(many=True, source='user_permissions')

    class Meta:
        model = User
        fields = ('id', 'username', 'first_name', 'last_name', 'email', 
            'is_staff', 'is_active', 'is_superuser', 'last_login', 
            'date_joined', 'groups', 'user_permissions', 'permissions')