Doadc
Reputation: 145
Restrict Django Rest Framework for all users except super users
Can I restrict my Django Rest Framework to be only accessed by super users?
Can I add a decorator to the urls so that the url is only accessed by super users:
url(r'^api/', include(router.urls)),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
Upvotes: 2
Views: 791
Answers (1)
e4c5
Reputation: 53744
If you want to allow any staff member to access the API, then it's easy
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAdminUser',
)
}
For super user, there isn't a built in permissions class, but we can make one easily.
from rest_framework import permissions
class SuPermission(permissions.BasePermission):
def has_permission(self, request, view):
return request.user.is_authenticated() and request.user.is_superuser
and then
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'myapp.permissions.SuPermission',
)
}
Upvotes: 4
Related Questions
- Django REST Framework allow only superusers to access api web view
- Django rest_framework, disable authentication and permission in specific method
- Django rest framework - Limiting get request access to only authorized user
- Django Rest Framework restrict user data view to admins & the very own user
- Create a custom superuser django
- How to limit Django REST API to only ONE user?
- How to restrict Django Rest Framework browsable API interface to admin users
- Django REST framework: restricting user access for objects
- How can i use the base django base permissions to limited user access?
- django-rest-framework : setting per user permissions