fanhualuojin154873
Reputation: 541
Limit user to access a APIView
I want to get the user's detail information:
class UserDetailAPIView(RetrieveAPIView):
"""
User detail information
"""
queryset = User.objects.filter(is_valid=True).exclude(status=4)
serializer_class = UserDetailSerializer
lookup_field = "username"
I want to limit other users to access this APIView, I want only admin user and the user it self to access that.
How to limit this?
Upvotes: 1
Views: 579
Answers (1)
Babak Abadkheir
Reputation: 2348
you should define your own permission class.something like this:
from rest_framework import permissions
class OwnerProfilePermission(permissions.BasePermission):
"""object lvl permissions for owner """
def has_object_permission(self, request, view, obj):
return obj.user == request.user
and in your views include permission_classes .see DRF documention.
http://www.tomchristie.com/rest-framework-2-docs/api-guide/permissions
and the class base views you choose is important. http://www.tomchristie.com/rest-framework-2-docs/api-guide/generic-views
Upvotes: 3
Related Questions
- Django REST Framework allow only superusers to access api web view
- Django rest framework - Limiting get request access to only authorized user
- How to provice access for specific users to view certain APIs in django rest framework
- Django Rest Framework - prevent access to API?
- How to restrict viewing properly in django rest framework
- How to limit Django REST API to only ONE user?
- How to use object level permissions with APIView?
- How to restrict Django Rest Framework browsable API interface to admin users
- How to include user specific access to Django REST API in this example?
- Django REST framework: restricting user access for objects