From d64e88e467fe5743a540a9356cdb462f5cbe3402 Mon Sep 17 00:00:00 2001
From: Carlton Gibson <carlton.gibson@noumenal.es>
Date: Fri, 16 Mar 2018 15:53:57 +0100
Subject: [PATCH 1/2] Always exclude read_only fields from _writable_fields

---
 rest_framework/serializers.py | 3 +--
 tests/test_fields.py          | 9 ++++++++-
 tests/test_serializer.py      | 2 +-
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/rest_framework/serializers.py b/rest_framework/serializers.py
index e35e04440d..d773902e89 100644
--- a/rest_framework/serializers.py
+++ b/rest_framework/serializers.py
@@ -367,8 +367,7 @@ def fields(self):
     @cached_property
     def _writable_fields(self):
         return [
-            field for field in self.fields.values()
-            if (not field.read_only) or (field.default is not empty)
+            field for field in self.fields.values() if not field.read_only
         ]
 
     @cached_property
diff --git a/tests/test_fields.py b/tests/test_fields.py
index 6a694092ac..eee794eaab 100644
--- a/tests/test_fields.py
+++ b/tests/test_fields.py
@@ -219,10 +219,17 @@ def example_callable(self):
 class TestReadOnly:
     def setup(self):
         class TestSerializer(serializers.Serializer):
-            read_only = serializers.ReadOnlyField()
+            read_only = serializers.ReadOnlyField(default="789")
             writable = serializers.IntegerField()
         self.Serializer = TestSerializer
 
+    def test_writable_fields(self):
+        """
+        Read-only fields should not be writable, even with default ()
+        """
+        serializer = self.Serializer()
+        assert len(serializer._writable_fields) == 1
+
     def test_validate_read_only(self):
         """
         Read-only serializers.should not be included in validation.
diff --git a/tests/test_serializer.py b/tests/test_serializer.py
index 120632572d..c37998f195 100644
--- a/tests/test_serializer.py
+++ b/tests/test_serializer.py
@@ -513,7 +513,7 @@ class ExampleSerializer(serializers.Serializer):
 class TestDefaultInclusions:
     def setup(self):
         class ExampleSerializer(serializers.Serializer):
-            char = serializers.CharField(read_only=True, default='abc')
+            char = serializers.CharField(default='abc')
             integer = serializers.IntegerField()
         self.Serializer = ExampleSerializer
 

From de92e965be290d127e0550d327c7b14f2a2e1e97 Mon Sep 17 00:00:00 2001
From: Carlton Gibson <carlton.gibson@noumenal.es>
Date: Tue, 20 Mar 2018 20:47:09 +0100
Subject: [PATCH 2/2] Remove `read_only` from `CreateOnlyDefault` example.

In this context (without mentioning `save`) now slightly misleading.
---
 docs/api-guide/validators.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/api-guide/validators.md b/docs/api-guide/validators.md
index fe492c0a71..fd1e221bda 100644
--- a/docs/api-guide/validators.md
+++ b/docs/api-guide/validators.md
@@ -189,7 +189,6 @@ A default class that can be used to *only set a default argument during create o
 It takes a single argument, which is the default value or callable that should be used during create operations.
 
     created_at = serializers.DateTimeField(
-        read_only=True,
         default=serializers.CreateOnlyDefault(timezone.now)
     )