I am applying the finishing touches to the API that I wrote for the Django application using django-piston. The API can search by query or IP address, which are instances Requestor, IPAddressrespectively. Each request may have 1 or more IPAddressassociated with it.
So, for example, I have an API call that displays all objects IPAddressthat correspond to the activity status of "active", "inactive" or "all" (for both). Requestthat each instance is associated with is IPAddressavailable as IPAddress.request.
The problem I am facing is that it Request.inputteris the foreign key of the instance of the Userperson who submitted the request. When my results are returned from the handler that I created for this API call, all fields from the instance are displayed User, including password.
This is bad; I do not want it.
So here is my handler:
class SearchByIPStatusHandler(BaseHandler):
model = IPAddress
allowed_methods = ('GET',)
anonymous = AnonymousIPHandler
def read(self, request, status):
"""
Returns IP addresses based on activity status.
Status: 'active', 'inactive', 'all'
"""
if status == 'all':
return self.model.objects.all()
else:
active = True if (status=='active') else False
return self.model.objects.filter(active=active)
And here is an example of the results from /api/show/all/:
<response>
<resource>
<updated>2010-02-05 17:08:53.651729</updated>
<expires>2010-02-12 17:08:23</expires>
<created>2010-02-05 17:08:53.625318</created>
<nexthop>255.255.255.255</nexthop>
<netmask>255.255.255.254</netmask>
<address>2.4.6.80/31</address>
<active>True</active>
<id>4</id>
<request>
<updated>2010-02-05 17:08:53.382381</updated>
<created>2010-02-05 17:08:53.382313</created>
<expires>2010-02-12 17:08:23</expires>
<incident>20100212-badthings-01</incident>
<reason>bad things happened</reason>
<inputter>
<username>jathan</username>
<first_name>Jathan</first_name>
<last_name>McCollum</last_name>
<is_active>True</is_active>
<email>email@fake.notreal</email>
<is_superuser>True</is_superuser>
<is_staff>True</is_staff>
<last_login>2010-02-05 18:55:51.877746</last_login>
<password>[ENCRYPTED STRING I REDACTED]</password>
<id>1</id>
<date_joined>2010-01-28 09:56:32</date_joined>
</inputter>
<requester>joeuser</requester>
<active>True</active>
</request>
</resource>
</response>
All I really need in the results is inputter.username, not all other things. I tried various iterations to implement the attribute excludeon the handler to no avail. If I just skip the entire query field, this works fine, for example:
In the handler:
exclude = ('request', )
Result:
<response>
<resource>
<updated>2010-02-05 17:08:53.651729</updated>
<expires>2010-02-12 17:08:23</expires>
<created>2010-02-05 17:08:53.625318</created>
<nexthop>255.255.255.255</nexthop>
<netmask>255.255.255.254</netmask>
<address>2.4.6.80/31</address>
<active>True</active>
<id>4</id>
</resource>
</response>
But these results are also not what I want.
So finally my question is:
How can I exclude nested fields from handler results? Is it possible?
, , :
exclude = ( ('request', ('inputter', ), ) )
exclude = ( ('request', ('inputter', ('password', ) ) ) )
, , .