1👍
Why are you using the or operator in the list? It can be simplified as ['POST', 'PUT', 'DELETE'], so:

    if request.method in ['POST', 'PUT', 'DELETE'] and user.is_superuser:

Edit
Try to use the IsAuthenticatedOrReadOnly class directly to allow unauthenticated users to perform GET requests and authenticated users to perform POST, PUT, and DELETE requests, so:

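    from rest_framework.permissions import IsAuthenticatedOrReadOnly, BasePermission
    from rest_framework.viewsets import ModelViewSet


    class WriteByAdminOnlyPermission(BasePermission):
        def has_permission(self, request, view):
            user = request.user
            # Superusers sending POST, PUT or DELETE are allowed straight away.
            if request.method in ['POST', 'PUT', 'DELETE'] and user.is_superuser:
                return True
            # Everything else falls through to IsAuthenticatedOrReadOnly:
            # safe methods for anyone, other methods for any authenticated user.
            return IsAuthenticatedOrReadOnly().has_permission(request, view)


    class ScenarioViewSet(ModelViewSet):
        # Scenario and ScenarioSerializer come from the asker's own project.
        permission_classes = [WriteByAdminOnlyPermission]
        serializer_class = ScenarioSerializer
        queryset = Scenario.objects.all()
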
As you noted in the comment below, removing DEFAULT_AUTHENTICATION_CLASSES worked for you.
Source:stackexchange.com
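
A role-by-method matrix check for the permission logic in the answer, as an added example that is not part of the original post. It runs without Django: `User`, `Request` and `authenticated_or_read_only` are stand-ins that restate DRF's behaviour, and `strict_admin_write` is a hypothetical stricter variant included only for comparison.

```python
from dataclasses import dataclass
from itertools import product

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")  # same tuple DRF defines
WRITE_METHODS = ("POST", "PUT", "PATCH", "DELETE")

@dataclass
class User:  # stand-in for a Django user (assumption, not the real model)
    is_authenticated: bool = False
    is_superuser: bool = False

@dataclass
class Request:  # stand-in for a DRF request
    method: str
    user: User

def authenticated_or_read_only(request):
    """Restates IsAuthenticatedOrReadOnly.has_permission."""
    return request.method in SAFE_METHODS or bool(request.user.is_authenticated)

def answer_permission(request):
    """Logic of WriteByAdminOnlyPermission as posted in the answer."""
    if request.method in ["POST", "PUT", "DELETE"] and request.user.is_superuser:
        return True
    return authenticated_or_read_only(request)

def strict_admin_write(request):
    """Hypothetical variant: reads for all, writes for superusers only."""
    if request.method in SAFE_METHODS:
        return True
    return bool(request.user.is_authenticated and request.user.is_superuser)

USERS = {  # constructed sample roles
    "anonymous": User(),
    "regular": User(is_authenticated=True),
    "superuser": User(is_authenticated=True, is_superuser=True),
}

def matrix(check):
    """Return {(role, method): allowed} for every role and HTTP method."""
    methods = SAFE_METHODS + WRITE_METHODS
    return {(role, m): check(Request(m, user))
            for (role, user), m in product(USERS.items(), methods)}

def non_admin_writes(check):
    """Write requests that the check allows for a non-superuser."""
    return sorted(k for k, ok in matrix(check).items()
                  if ok and k[1] in WRITE_METHODS and k[0] != "superuser")

if __name__ == "__main__":
    print("answer:", non_admin_writes(answer_permission))
    print("strict:", non_admin_writes(strict_admin_write))
```

The same matrix can be turned into a regression test against the real viewset with DRF's test client, so a later change to `permission_classes` or the authentication settings cannot silently widen write access.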