Challenge 1: Write a Serializer — Possible Solution ==================================================================== # catalog/serializers.py from rest_framework import serializers from .models import Author class AuthorSerializer(serializers.ModelSerializer): class Meta: model = Author fields = ["id", "name", "bio"] # birth_year deliberately excluded # --- Usage in the Django shell --- >>> from catalog.serializers import AuthorSerializer >>> from catalog.models import Author >>> author = Author.objects.get(pk=1) >>> serializer = AuthorSerializer(author) >>> serializer.data {'id': 1, 'name': 'Ursula K. Le Guin', 'bio': 'American author best known for speculative fiction.'} # Note birth_year does NOT appear in the output, even though it exists on # the Author model — it was never included in Meta.fields. WHY THIS WORKS -------------- - Meta.fields = ["id", "name", "bio"] is an explicit allowlist, exactly the same principle as ModelForm.Meta.fields from the Forms chapter in Course 1 — birth_year simply isn't part of this serializer's shape at all, whether reading (serializer.data) or writing (deserializing incoming data). - "id" is included explicitly here even though it's not something a client should ever be able to SET on creation — DRF is smart enough to treat the primary key as read-only by default when it's included in fields, so exposing it for reading (useful for clients that need to reference a created object by ID) doesn't create the same write risk that including a field like is_staff would. - Passing a single Author instance (not a list) to AuthorSerializer(...) without many=True produces a single dict via .data — for a QuerySet of multiple authors, many=True would be required to get a list of dicts instead.