loar
Reputation: 1765
DRF - Check user permissions
I want to check the permissions of the user in each method so, before the call reach the method handler the permissions must have been checked (DRY). According to the documentation initial enables me to do this but, is this a good practice?
class StorageDetail(APIView):
def initial(self, request, *args, **kwargs):
if not has_permission(request):
return Response(status=status.HTTP_403_FORBIDDEN)
super(StorageDetail, self).initial(request, *args, **kwargs)
def post(self, request, storage_id):
# ....
def put(self, request, storage_id):
# ...
Upvotes: 1
Views: 2518
Answers (1)
Raz
Reputation: 7923
No. It is not a good practice. According to the documentation it is better to use Permission class.
from rest_framework import permissions
class CustomerAccessPermission(permissions.BasePermission):
message = 'Adding customers not allowed.'
def has_permission(self, request, view):
return True
class ExampleView(APIView):
permission_classes = (IsAuthenticated, CustomerAccessPermission,)
Upvotes: 2
Related Questions
- How to check if a requested user has a specific custom permission in Django Rest Framework?
- DRF custom check_permission not being called
- Django Rest Framework: Custom IsReadOnly Permission
- Django REST Framework - How to quickly checks user permissions?
- Django DRF role level permission
- DRF Custom permission
- DRF Object level permissions check for single field
- Django REST framework checks unnecessary permissions
- Check permissions on a related object in Django REST Framework
- DRF permission not taking effect