I found the reason, it's because of the fields
field of my UserResource that does not contain password
in the allowed fields.
When I add it, it works.
Nevertheless, as it was a problem for the GET requests to have the password, that's why I overrided the dehydrate()
method of UserResource then.
The working version is:
class Meta(CommonResourceMeta):
queryset = User.objects.all()
resource_name = 'users'
fields = ['id', 'username', 'email', 'password', 'bizuser']
detail_allowed_methods = ['get']
...
def dehydrate(self, bundle):
'''Remove pwd from data bundle for obvious security purposes'''
try:
bundle.data.pop('password')
except:
pass
return bundle