[Django]-How to Force Current User to a Field in Django Rest Framework


Since you don’t want owner to be modifiable via your serializer, I’d suggest you to remove the field from the serializer or make it read-only.

You can then set the owner using the serializer’s save method that allows you to inject additional data.

A good place for this in your example would be the perform_create method of your ModelViewSet. For example:

class FooViewSet(viewsets.ModelViewSet):
    serializer_class = FooSerializer
    permission_classes = [permissions.IsAuthenticated]
    queryset = Foo.objects.all()

    def perform_create(self, serializer):

Leave a comment