Our great sponsors
-
FizzBuzz Enterprise Edition
FizzBuzz Enterprise Edition is a no-nonsense implementation of FizzBuzz made by serious businessmen for serious business purposes.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
That being said, django uses a pattern called "Active Record" where it advocates that the models should have whatever domain functionality they need to have, not just a data layer. Hence you should keep view code as thin as possible and delegate business logic to models as much as you can. I know this could be contrary to everything that generally lays out in the open (enterprise architecture and what not) and Active Record is not pretty for complex data manipulation, but 90% of what we are doing is not that complex. And Django is an especially opinionated one.
Yeah OK, I'll just change and comment where appropriate (albeit I did not really test this code nor did use a proper text editor): class UserListCreateView(generics.ListCreateAPIView): permission_classes = [permissions.IsAuthenticated] serializer_class = AccountSerializer There is a built-in permission for authentication. But if that does not suit you, you can implement your own. (e.g. IsTeacher, IsSchool etc.) Also, it seems like you are returning teachers as a nested data, so you might need to implement your own logic for the serializer to be writable, or use drf-writable-nested ``` def get_queryset(self, request): if self.request.user.account_type == "teacher": return Account.objects.all().filter(username=self.request.user)