deptrai

Reputation: 147

Make Django REST endpoints inaccessible if no permission exists

Currently I am creating a web backend with Django, where the administration is done with KeyCloak.

With KeyCloak I can assign users certain roles (e.g. customers, subscription customers).

The customer and subscription customer have different permissions. (E.g. like in the film industry, where only the subscription customers can watch all movies and the normal customer cannot.) There's an endpoint for every movie.

How can I make this endpoint inaccessible with missing permissions?

Upvotes: 0

Views: 139

Answers (1)

Shavzz Hussain

Reputation: 89

You have to create a user_type field in your User model:

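from django.contrib.auth.models import AbstractUser
from django.db import models

class User(AbstractUser):  # your custom user model
    ACCESS_CHOICES = (
        ('subscriber', 'subscriber'),
        ('non-subscribe', 'non-subscribe'),
    )
    # Access tier that the permission class checks
    user_type = models.CharField(choices=ACCESS_CHOICES, max_length=15)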

Create a custom permission class and put that into your view:

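from rest_framework import permissions

class MoviesAccessPermssion(permissions.BasePermission):
    def has_permission(self, request, view):
        # Grant access only to authenticated users whose user_type is 'subscriber'
        return request.user.is_authenticated and request.user.user_type == 'subscriber'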

Upvotes: 0
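
Since the question keeps roles in KeyCloak rather than on the Django user, here is an added example (not part of the answer above) of a permission class that decides from the token's realm roles and denies by default. It assumes the authentication class has already verified the token and stored the decoded claims as a dict in `request.auth`; `required_roles`, the role names and the sample claims are constructed for illustration.

```python
from types import SimpleNamespace

try:  # real base class when DRF is importable
    from rest_framework.permissions import BasePermission
except Exception:  # DRF absent or Django unconfigured: stand-in so this runs alone
    class BasePermission:
        pass


def realm_roles(claims):
    """Realm roles from verified Keycloak token claims; empty set if malformed."""
    access = claims.get("realm_access") if isinstance(claims, dict) else None
    roles = access.get("roles") if isinstance(access, dict) else None
    if not isinstance(roles, list):
        return set()
    return {r for r in roles if isinstance(r, str)}


class HasKeycloakRole(BasePermission):
    """Allow only if the token carries a role listed in view.required_roles."""

    def has_permission(self, request, view):
        # required_roles is a hypothetical view attribute introduced for this example
        required = set(getattr(view, "required_roles", ()))
        if not required:  # no roles declared on the view: deny rather than fail open
            return False
        user = getattr(request, "user", None)
        if not getattr(user, "is_authenticated", False):
            return False
        # Assumption: the authentication class put the decoded claims in request.auth
        return bool(required & realm_roles(getattr(request, "auth", None)))


def check(claims, required, authenticated=True):
    """Evaluate the permission against constructed request/view stand-ins."""
    user = SimpleNamespace(is_authenticated=authenticated)
    request = SimpleNamespace(user=user, auth=claims)
    view = SimpleNamespace(required_roles=required)
    return HasKeycloakRole().has_permission(request, view)


# Constructed claims shaped like a decoded Keycloak access token
SUBSCRIBER = {"realm_access": {"roles": ["customer", "subscription-customer"]}}
CUSTOMER = {"realm_access": {"roles": ["customer"]}}
MALFORMED = {"realm_access": {"roles": "subscription-customer"}}

if __name__ == "__main__":
    for name, claims in [("subscriber", SUBSCRIBER), ("customer", CUSTOMER)]:
        print(name, check(claims, ["subscription-customer"]))
```

On a movie view this would be wired up with `permission_classes = [HasKeycloakRole]` and `required_roles = ["subscription-customer"]`; DRF then answers 403 for a customer without the role.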
