[RFC 05/11] REST: Add Persons to the API
Andy Doan
andy.doan at linaro.org
Wed May 11 08:30:01 AEST 2016
On 05/09/2016 08:39 AM, Finucane, Stephen wrote:
>> +class PeopleViewSet(PatchworkViewSet):
>> >+ permission_classes = (AuthenticatedReadOnly,)
>> >+ serializer_class = create_model_serializer(Person)
>> >+
>> >+
> As pointed out in the previous patch, this exposes every attribute of
> the object including some potentially undesirable ones. The linked
> user profile is included here: do we really want it to be?
I can expose less as you see in the later patches. However, this only
exposes something like:
{
"id": 51,
"email": "andy.doan at linaro.org",
"name": "Andy Doan",
"user": 101
},
Let me know what you'd like.
More information about the Patchwork
mailing list