Django-rest-framework: Authentication/permissions error: TypeError: 'str' object is not callable

Question

I am trying to learn about django-rest-framework and I am stuck in the authentication/permissions processes. I hope someone could help me. Below is my code:

settings.py

REST_FRAMEWORK = {
    'DEFAULT_PAGINATION_CLASS': 'drones.custompagination.LimitOffsetPaginationWithUpperBound',
    'PAGE_SIZE': 4,
    'DEFAULT_FILTER_BACKENDS': (
        'django_filters.rest_framework.DjangoFilterBackend',
        'rest_framework.filters.OrderingFilter',
        'rest_framework.filters.SearchFilter',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ]
}

models.py

class Drone(models.Model):
    name = models.CharField(max_length=250,
                            unique=True)
    drone_category = models.ForeignKey(DroneCategory,
                                       related_name='drones',
                                       on_delete=models.CASCADE)
    manufacturing_date = models.DateTimeField()
    has_it_competed = models.BooleanField(default=False)
    inserted_timestamp = models.DateTimeField(auto_now_add=True)
    owner = models.ForeignKey(
        'auth.User',
        related_name='drones',
        on_delete=models.CASCADE)

    class Meta:
        ordering = ('name',)

    def __str__(self):
        return self.name

views.py

class DroneList(generics.ListCreateAPIView):
    queryset = Drone.objects.all()
    serializer_class = DroneSerializer
    name = 'drone-list'
    permission_classes = (
        'permissions.IsAuthenticatedOrReadOnly',
        'custompermission.IsCurrentUserOwnerOrReadOnly',
    )
    filterset_fields = (
        'name',
        'drone_category',
        'manufacturing_date',
        'has_it_competed',
    )
    search_fileds = (
        'name',
    )
    ordering_fields = (
        'name',
        'manufacturing_date',
    )
    def perform_create(self, serializer):
        serializer.save(owner=self.request.user)

class DroneDetail(generics.RetrieveUpdateDestroyAPIView):
    queryset = Drone.objects.all()
    serializer_class = DroneSerializer
    name = 'drone-detail'
    permission_classes = (
        'permissions.IsAuthenticatedOrReadOnly',
        'custompermission.IsCurrentUserOwnerOrReadOnly',
    )

custompermission.py

from rest_framework import permissions

class IsCurrentUserOwnerOrReadOnly(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            # The method is a safe method
            return True
        else:
            # The method is not a safe method
            # Only owners are granted permissions
            return obj.owner == request.user

And and below is the error that django is throwing:

[03/Nov/2019 18:01:42] "GET / HTTP/1.1" 200 10070
Internal Server Error: /drones/
Traceback (most recent call last):
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/django/core/handlers/base.py", line 115, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/django/core/handlers/base.py", line 113, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/rest_framework/views.py", line 505, in dispatch
    response = self.handle_exception(exc)
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/rest_framework/views.py", line 465, in handle_exception
    self.raise_uncaught_exception(exc)
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/rest_framework/views.py", line 476, in raise_uncaught_exception
    raise exc
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/rest_framework/views.py", line 493, in dispatch
    self.initial(request, *args, **kwargs)
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/rest_framework/views.py", line 411, in initial
    self.check_permissions(request)
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/rest_framework/views.py", line 331, in check_permissions
    for permission in self.get_permissions():
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/rest_framework/views.py", line 278, in get_permissions
    return [permission() for permission in self.permission_classes]
  File "/home/martin/python/learn_rest/lib/python3.5/site-packages/rest_framework/views.py", line 278, in <listcomp>
    return [permission() for permission in self.permission_classes]
TypeError: 'str' object is not callable
[03/Nov/2019 18:01:45] "GET /drones/ HTTP/1.1" 500 107476

• Python version: 3.5.3
• Django version: 2.2.6
• Django Rest Framework version: 3.10.3

I have been searching here for other people having the same problem, but none of the solutions provided seem to work for this particular case

Thank you so much in advance for your help

Answer 1

Try to set the value of permission_classes to the permission classes directly, something like:

from rest_framework import permissions
#import your custome permission module
class DroneDetail(generics.RetrieveUpdateDestroyAPIView):
    queryset = Drone.objects.all()
    serializer_class = DroneSerializer
    name = 'drone-detail'
    permission_classes = (
        permissions.IsAuthenticatedOrReadOnly,
        custompermission.IsCurrentUserOwnerOrReadOnly,
    )