Added related fields filtering

[Anton-Shutik]

Fixes #
This simple PR adds fitlering for related querysets. Let's say we have an url like /api/order/1/items/ and I want for filter the items by available=true. There is no way to do it now.
With this PR we can do this by adding filter backend to the OrderviewSet:

class OrderViewSet(ModelViewset):
    related_filter_backends = {'items': [IsAvailableFilter]}

That's it.
Filtering work exactly same way as standard DRF's filtering.

Description of the Change

Checklist

• PR only contains one change (considered splitting up PR)
• unit-test added
• documentation updated
• changelog entry added to CHANGELOG.md
• author name in AUTHORS

[n2ygk]

This might help address #496

…

On Thu, Oct 25, 2018 at 7:17 AM Anton Shutik ***@***.***> wrote: Fixes # This simple PR adds fitlering for related querysets. Let's say we have an url like /api/order/1/items/ and I want for filter the items by available=true. There is no way to do it now. With this PR we can do this by adding filter backend to the OrderviewSet: class OrderViewSet(ModelViewset): related_filter_backends = {'items': [IsAvailableFilter]} That's it. Filtering work exactly same way as standard DRF's filtering. Description of the Change Checklist - PR only contains one change (considered splitting up PR) - unit-test added - documentation updated - changelog entry added to CHANGELOG.md - author name in AUTHORS ------------------------------ You can view, comment on, or merge this pull request online at: #504 Commit Summary - Added related fields filtering File Changes - *M* rest_framework_json_api/views.py <https://github.com/django-json-api/django-rest-framework-json-api/pull/504/files#diff-0> (18) Patch Links: - https://github.com/django-json-api/django-rest-framework-json-api/pull/504.patch - https://github.com/django-json-api/django-rest-framework-json-api/pull/504.diff — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#504>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AEJ5d1IN0aVtfcqaaJ-O9e6wBgS8GNsTks5uoZ24gaJpZM4X6DPP> .

[Anton-Shutik]

@n2ygk I think something like that will help better . Didn't tested, just an idea

[Anton-Shutik]

For this PR it just allows to filter related querysets.
What do you think about it ? If it looks good for you I can add some tests and update the docs.
Thanks

[n2ygk]

@Anton-Shutik Actually this might be better than returning an error as you do in #505 if the goal is to reduce the related queryset to those allowed to be returned. Basically the related_filter_backends is a permission filter that only returns items that are permitted to be returned.

The goal I think is to silently not return related data when not permitted (make it invisible) rather than have the request fail. Does that make sense @lcary?

[Anton-Shutik]

@n2ygk related_filter_backends is just for filtering. It should not check any permissions or something. It is made same way like DRF does. Filters and permissions are separate things. Let's do not mix it. If you want to hide some items from current customer - add a IsNotHiddenItemFilter and it will just filter out all items that the customer shouldn't see. It you want to check permissions for a given endpoint (or resource) add a IsStuffUser(for example) and that will return response only for stuff users. That's it.

Permissions check is a permission check. It should not do any filtering at all. And filtering is just filtering it should not check anything. That's why I've made 2 separate PRs for that.

[sliverc]

See #496 (comment)

[sliverc]

Closing this for now as the discussion in #496 continues how the issue can be solved.