Currently DRF has too many responsibilities. It includes auth, data serialization, partial business logic, data persistence. We should refactor this to separate layers.
serialization with dataclass (using pydantic or similar. Validation should then be place at these objects)
per object auth checks in the views. Move these out of DRF
extract business logic (from DRF, FAT django models) to separate service layer (service layer)
Original by @CBuiVNG
Currently DRF has too many responsibilities. It includes auth, data serialization, partial business logic, data persistence. We should refactor this to separate layers.