Add hide_parameters in yaml config

[shuoli84]

I need to hide some parameter if following cases:
There are 2 models, car and wheel. And two endpoints to create wheel:
/api/cars/{carId}/wheels/ POST
/api/wheels/ POST

My wheel serialiser has field car, which is perfectly good in 2nd endpoints, but annoying in the first one. Because I already has carId there. I think a proper way to do this is add one hide_parameters list which quite like omit_paramters. But this one hide paramters by their name instead of type. Any idea?

[cancan101]

create a second serializer instead.

On Sun, May 17, 2015, 01:47 shuo [email protected] wrote:

I need to hide some parameter if following cases:
There are 2 models, car and wheel. And two endpoints to create wheel:
/api/cars/{carId}/wheels/ POST
/api/wheels/ POST

My wheel serialiser has field car, which is perfectly good in 2nd
endpoints, but annoying in the first one. Because I already has carId
there. I think a proper way to do this is add one hide_parameters list
which quite like omit_paramters. But this one hide paramters by their name
instead of type. Any idea?

—
Reply to this email directly or view it on GitHub
#279.

[shuoli84]

I guess we can also create multiple views to replace viewset?

[cancan101]

Not sure what you mean. Just inject the car in serializer save.

On Sun, May 17, 2015, 03:19 shuo [email protected] wrote:

I guess we can also create multiple views to replace viewset?

—
Reply to this email directly or view it on GitHub
#279 (comment)
.

[shuoli84]

I use one serialiser class for both endpoints, for endpoint, /api/cars/{carId}/wheels/ POST, generated swagger doc has two params: carId in url and car defined in serialiser. I need to hide the one from serialiser class.
I am not talking about how to implement the serialiser, but how to hide the param from swagger.

[cancan101]

You are doing it wrong.

On Sun, May 17, 2015, 03:26 shuo [email protected] wrote:

I use one serialiser class for both endpoints, for endpoint,
/api/cars/{carId}/wheels/ POST, generated swagger doc has two params: carId
in url and car defined in serialiser. I need to hide the one from
serialiser class.
I am not talking about how to implement the serialiser, but how to hide
the param from swagger.

—
Reply to this email directly or view it on GitHub
#279 (comment)
.

[shuoli84]

What is wrong?

[cancan101]

Why are you trying to hide a parameter that the serializer handles?seems
like a potential security issue. Just create a other serializer.

On Sun, May 17, 2015, 03:33 shuo [email protected] wrote:

What is wrong?

—
Reply to this email directly or view it on GitHub
#279 (comment)
.

[shuoli84]

I am setting the serialiser's param in view's function, it is not hidden, just set in a different way. I don't think it is a good idea to create a new Serialiser class for such simple things.
And also there is a flag which able to hide the whole type of params, the omit_parameters. Security is critical but not the responsibility of the doc generating lib, I guess.

[cancan101]

I agree that security is not the responsibility of the doc generating
library but adding this feature seems like the wrong solution to your
problem.

On Sun, May 17, 2015, 03:50 shuo [email protected] wrote:

I am setting the serialiser's param in view's function, it is not hidden,
just set in a different way. I don't think it is a good idea to create a
new Serialiser class for such simple things.
And also there is a flag which able to hide the whole type of params, the
omit_parameters. Security is critical but not the responsibility of the doc
generating lib, I guess.

—
Reply to this email directly or view it on GitHub
#279 (comment)
.