It is important to note that when you accept selected fields to output you must validate those field names as well.
Sometimes people have a giant object from the database, and on return they return a subset of it. But someone may make a mistake by iterating over that object to return selected fields.
    if options:
        return {key: object[key] for key in options}
    else:
        return safe_output_for_this_api(object)
So collapse that into safe_output_for_this_api instead :D
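
The mistake described above next to the collapsed version, as an added example that is not part of the original comment. USER_ROW, PUBLIC_FIELDS and unsafe_output are hypothetical names, the sample data is constructed, and rejecting unknown names with an error (rather than dropping them) is an assumption.

```python
# Added example: names and sample data are constructed for illustration.

# Constructed stand-in for the "giant object" loaded from the database.
USER_ROW = {
    "id": 7,
    "name": "alice",
    "email": "alice@example.com",
    "password_hash": "<constructed-placeholder>",
    "api_token": "<constructed-placeholder>",
}

# The only fields this API may ever return (assumed allowlist).
PUBLIC_FIELDS = ("id", "name", "email")


def unsafe_output(obj, options=None):
    """The mistake from the text: requested keys index the raw object."""
    if options:
        return {key: obj[key] for key in options}
    return {key: obj[key] for key in PUBLIC_FIELDS}


def safe_output_for_this_api(obj, options=None):
    """Field selection collapsed into the safe serializer.

    The safe subset is built first, so requested names can only narrow it.
    Names outside the subset are rejected instead of being looked up.
    """
    safe = {key: obj[key] for key in PUBLIC_FIELDS}
    if not options:
        return safe
    requested = list(options)
    # Non-string names (e.g. nested JSON values) are rejected too.
    rejected = [k for k in requested
                if not isinstance(k, str) or k not in safe]
    if rejected:
        raise ValueError(f"fields not available: {rejected!r}")
    return {key: safe[key] for key in requested}
```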