Reputation: 5908
django-rest-framework : setting per user permissions
I have REST api created using DRF 3.0.1. If I use the permission class rest_framework.permissions.IsAuthenticated, any authenticated user can perform GET, POST, etc. actions for any user as long he has a valid token.
I want to set per user permissions in that an admin user can see and update all users' data but any non-admin user should only be able to see and update only his data.
From the examples I have seen so far, it seems like rest_framework.permissions.DjangoObjectPermissions is the class I need to use. However, the examples use Class Based Views.
I have used Function Based Views in my code. Is it possible to implement this using function based views? Doing queryset = <Model>.objects.non() as suggested in DRF doc doesn't help. It complains Cannot apply DjangoModelPermissions on a view that does not have .model or .queryset property.
Is there a way I can do this without moving from FBVs to CBVs?
Upvotes: 2
Views: 569
Answers (1)
Reputation: 41665
Are you using api_view decorator of DRF?
if so, you might find rest_framework.decorators.permission_classes useful.
@permission_classes([SomePermission])
Upvotes: 2
Related Questions
- Django REST Framework - Separate permissions per methods
- Django Rest Framework custom permissions per view
- How to set different permissions depending on the request method?
- Django rest framework user models permissions
- How to make a Custom Permission django-rest
- Custom Permissions in Django Rest Framework
- How to set permissions for users
- How can I write my own permissions in django
- How to add permissions in Django Rest Framework for specific requests
- Django REST framework: restricting user access for objects