[API]  Change Resource Serializer to Pull `user` field values from Currently Authed User

The current `resource` POST (create) api will take any `int` value POSTed for the `user` field.   This means, effectively, that one authorized user can "impersonate" another when it comes to creating a resource in the DB.

We don't want this to happen.  Instead, the `user` field should be pulled from and populated by the 'username' field from the JWT token.

See [this Stack Overflow Post](https://stackoverflow.com/questions/28086890/django-rest-framework-drf-set-current-user-id-as-field-value) for information on how this can be accomplished.

see [DRF:  Generic Views `perform_create()`](https://www.django-rest-framework.org/api-guide/generic-views/#methods) under **Save and deletion hooks**  for additional context.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[API] Change Resource Serializer to Pull `user` field values from Currently Authed User #67

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[API] Change Resource Serializer to Pull user field values from Currently Authed User #67

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

[API] Change Resource Serializer to Pull `user` field values from Currently Authed User #67