Using Django REST Framework, I want to limit which values can be used in a related field in a creation.
For example consider this example (based on the filtering example on http://django-rest-framework.org/api-guide/filtering.html , but changed to ListCreateAPIView):
model = Purchase
serializer_class = PurchaseSerializer
user = self.request.user
I ended up doing something similar to what Khamaileon suggested here. Basically I modified my serializer to peek into the request, which kind of smells wrong, but it gets the job done... Here's how it looks (examplified with the purchase-example):
class PurchaseSerializer(serializers.HyperlinkedModelSerializer): def get_fields(self, *args, **kwargs): fields = super(PurchaseSerializer, self).get_fields(*args, **kwargs) fields['purchaser'].queryset = permitted_objects(self.context['view'].request.user, fields['purchaser'].queryset) return fields class Meta: model = Purchase
permitted_objects is a function which takes a user and a query, and returns a filtered query which only contains objects that the user has permission to link to. This seems to work both for validation and for the browsable API dropdown fields.