CODEWITHSUNDEEP
djangodjango-rest-frameworkdjango-rest-auth
Naggappan Ramukannan
Naggappan Ramukannan

Reputation: 2812

Django rest IsAdminUser not applied

I have following in my views.py ,

from webapi.models import members
from rest_framework import permissions
from webapi.serializers import MemberSerializer
from rest_framework import generics



class MemberList(generics.ListAPIView):
    queryset = members.objects.all()
    serializer_class = MemberSerializer
    permission_class = (permissions.IsAuthenticated,)


class MemberCreate(generics.CreateAPIView):
    queryset = members.objects.all()
    serializer_class = MemberSerializer
    permission_class = (permissions.IsAdminUser,)

    def perform_create(self, serializer):
         serializer.save(owner=self.request.user)

In the above IsAuthenticated is working fine fine, but when i use "permissions.IsAdminUser" for MemberCreate class it is allowing not admin user also to create items.

As per the question "Django rest_framework IsAdminUser not behaving" I even tried to add the following in settings.py but still override is not happening,

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    )
 }

No matter If Add or don't add the REST_FRAMEWORK in settings.py IsAdminUser permissions is not working.

Upvotes: 1

Views: 2408

Answers (1)

Exprator
Exprator

Reputation: 27513

the problem is with the permission_class

it will be

 permission_classes = (permissions.IsAdminUser, )
 #              ^^^^^

Upvotes: 3

Related Questions