[RFC 05/11] REST: Add Persons to the API

Andy Doan andy.doan at linaro.org
Wed May 11 08:30:01 AEST 2016


On 05/09/2016 08:39 AM, Finucane, Stephen wrote:
>> +class PeopleViewSet(PatchworkViewSet):
>> >+    permission_classes = (AuthenticatedReadOnly,)
>> >+    serializer_class = create_model_serializer(Person)
>> >+
>> >+
> As pointed out in the previous patch, this exposes every attribute of
> the object including some potentially undesirable ones. The linked
> user profile is included here: do we really want it to be?

I can expose less as you see in the later patches. However, this only 
exposes something like:

	{
             "id": 51,
             "email": "andy.doan at linaro.org",
             "name": "Andy Doan",
             "user": 101
         },

Let me know what you'd like.


More information about the Patchwork mailing list