only overwrite final representation not the serializer

2026-05-04 15:04:03 +00:00 · 2026-04-15 12:16:18 +02:00
parent 958e318b4c
commit 23de795b3f
2 changed files with 7 additions and 21 deletions
--- a/src/pretix/api/serializers/media.py
+++ b/src/pretix/api/serializers/media.py
@@ -117,8 +117,8 @@ class ReusableMediaSerializer(I18nAwareModelSerializer):
        return data

    def to_representation(self, instance):
+        r = super().to_representation(instance)
        request = self.context.get('request')
-
        # late permission evaluations for checks that depend on the actual linked events
        if 'linked_orderposition' in self.context['request'].query_params.getlist('expand'):
            if instance.linked_orderposition is not None:
@@ -126,11 +126,7 @@ class ReusableMediaSerializer(I18nAwareModelSerializer):
                if not (
                    request.user if request.user and request.user.is_authenticated else request.auth
                ).has_event_permission(organizer=event.organizer, event=event, perm_name='event.orders:read', request=request):
-                    pos_serializer = self.fields['linked_orderposition']
-                    allowed = {'id'}
-                    for field_name in list(pos_serializer.fields.keys()):
-                        if field_name not in allowed:
-                            pos_serializer.fields.pop(field_name)
+                    r['linked_orderposition'] = {'id': instance.linked_orderposition.id}

        if 'linked_giftcard.owner_ticket' in self.context['request'].query_params.getlist('expand'):
            gc = instance.linked_giftcard
@@ -139,14 +135,9 @@ class ReusableMediaSerializer(I18nAwareModelSerializer):
                if not (
                    request.user if request.user and request.user.is_authenticated else request.auth
                ).has_event_permission(organizer=event.organizer, event=event, perm_name='event.orders:read', request=request):
-                    ticket_serializer = self.fields['linked_giftcard'].fields['owner_ticket']
-                    allowed = {'id'}
-                    for field_name in list(ticket_serializer.fields.keys()):
-                        if field_name not in allowed:
-                            ticket_serializer.fields.pop(field_name)
+                    r['linked_giftcard']['owner_ticket'] = {'id': instance.linked_giftcard.owner_ticket.id}

-
-        return super().to_representation(instance)
+        return r



--- a/src/pretix/api/serializers/organizer.py
+++ b/src/pretix/api/serializers/organizer.py
@@ -287,8 +287,8 @@ class GiftCardSerializer(I18nAwareModelSerializer):
        return data

    def to_representation(self, instance):
+        r = super().to_representation(instance)
        request = self.context.get('request')
-
        # late permission evaluations for checks that depend on the actual linked events
        if 'owner_ticket' in self.context['request'].query_params.getlist('expand'):
            owner_ticket = instance.owner_ticket
@@ -297,13 +297,8 @@ class GiftCardSerializer(I18nAwareModelSerializer):
                if not (
                    request.user if request.user and request.user.is_authenticated else request.auth
                ).has_event_permission(organizer=event.organizer, event=event, perm_name='event.orders:read', request=request):
-                    ticket_serializer = self.fields['owner_ticket'].read
-                    allowed = {'id'}
-                    for field_name in list(ticket_serializer.fields.keys()):
-                        if field_name not in allowed:
-                            ticket_serializer.fields.pop(field_name)
-
-        return super().to_representation(instance)
+                    r['owner_ticket'] = {'id': instance.owner_ticket.id}
+        return r

    class Meta:
        model = GiftCard