Menu
I am using a filter to apply object level permissions to a collection. Resources in a second collection have a many-to-many relationship with the first. On the browsable API, when creating resources in the second collection, the user is presented with a list of resources from the first to link it to. However, this list is not filtered, so the user can see values that they should not be able to see.
I've poked around the documentation and source a bit and I cannot see a way to add filtering to the queryset that generates the choices without overloading or modifying a bunch of code to pass the request data down (probably removing some of the collection specific data on the way) and then apply the filters.
Is there a better way to achieve this?
616
Currently there's nothing to support this out of the box. Pull requests are always welcome. If it's something you want to work on you may want to either open a ticket on GitHub or hit up the mailing list to discuss it first.
65
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
