DRF : how to add user permissions to user detail api?

Question

So I am writing a UserDetails view as follows.

class UserDetailsView(RetrieveUpdateAPIView):
    serializer_class = AuthUserSerializer

    def get_object(self):
        return self.request.user

My Serializers are as follows.

class PermissionSerializer(serializers.ModelSerializer):
    class Meta:
        model = Permission
        fields = ('id', 'name', 'codename')


class GroupSerializer(serializers.ModelSerializer):
    class Meta:
        model = Group
        fields = ('id', 'name')

class AuthUserSerializer(serializers.ModelSerializer):

    groups = GroupSerializer(many=True) 
    # permissions = PermissionSerializer(many=True)
    # permissions = serializers.PrimaryKeyRelatedField(many=True, queryset=Permission.objects.all())

    class Meta:
        model = User
        fields = ('id', 'username', 'first_name', 'last_name', 'email', 
            'is_staff', 'is_active', 'is_superuser', 'last_login', 
            'date_joined', 'groups', 'user_permissions')

groups = GroupSerializer(many=True) gives me following.

"groups": [
        {
            "id": 2,
            "name": "A"
        },
        {
            "id": 1,
            "name": "B"
        },
        {
            "id": 3,
            "name": "C"
        }
    ],

I expect the similar from permissions = PermissionSerializer(many=True) but I get the following error.

Got AttributeError when attempting to get a value for field `permissions` on serializer `AuthUserSerializer`.
The serializer field might be named incorrectly and not match any attribute or key on the `User` instance.
Original exception text was: 'User' object has no attribute 'permissions'.

but instead, if add user_permissions to the fields directly without adding related reference it gives me all ids of permissions. I want to have id, name, codename also. And, Of course, UserPermissions model is not found. ;-(

How do I fix this?

score 2 · Accepted Answer · answered Jun 09 '20 at 07:46

2

You can use source parameter on the Serializer.

class AuthUserSerializer(serializers.ModelSerializer):

    groups = GroupSerializer(many=True) 
    permissions = PermissionSerializer(many=True, source='user_permissions')

    class Meta:
        model = User
        fields = ('id', 'username', 'first_name', 'last_name', 'email', 
            'is_staff', 'is_active', 'is_superuser', 'last_login', 
            'date_joined', 'groups', 'user_permissions', 'permissions')

answered Jun 09 '20 at 07:46

Utkucan Bıyıklı

1,072
7
17

This worked but it is not allowing me to select fields to be displayed. I had to use `__all__`. – Kishor Pawar Jun 09 '20 at 09:36
Any idea why did it work without `source` in case of groups? – Kishor Pawar Jun 09 '20 at 09:37
1

As groups is already m2m field on User model, you don't need set source parameter for this reason. If you change field name from permissions to user_permissions, you dont need source in the PermissionSerializer too. – Utkucan Bıyıklı Jun 09 '20 at 09:43

DRF : how to add user permissions to user detail api?

1 Answers1