Gurkenkönig
Reputation: 828
How to make Django REST User API with complex permissions
I want to make a Django REST User API with complex permissions as follows:
GET
- Only Admin should be able to get all User data
- Logged in User should be to get himself and the names of other Users
PUT
- Only Admin and Self should be able to PUT
- Except for is_staff and is_superuser only is_superuser should be able to change the status of a user
- Password changes by a User should require the old password
- if User is !is_staff password reset should be possible
POST / DELETE
- Only Admin should be able POST/DELETE User
- User should be able to update his own Profile
Unfortunately, I have no idea how to control the view or serializer to allow such permissions. Is there a template how I can exactly control the permissions?
Upvotes: 0
Views: 215
Answers (1)
Sergey Pugach
Reputation: 5669
You can write your custom permission according to DRF docs.
And add YourCustomPermission in your view:
class ExampleView(APIView):
permission_classes = (YourCustomPermission,)
Upvotes: 2
Related Questions
- How to have a permission-based user system in Django?
- Django rest framework user models permissions
- How to make a Custom Permission django-rest
- Custom Permissions in Django Rest Framework
- How can I write my own permissions in django
- Django: Creating permissions that relate two `User` objects together
- Django Rest Frmework - Create API for User, Group and Permission
- How to add permissions in Django Rest Framework for specific requests
- Django-rest: How to implement authentication and permissions for custom User models?
- django-rest-framework : setting per user permissions