Django REST framework: using object-level permissions without model-level permissions

4👍

DjangoObjectPermissions is implemented in a way that expects a user to be able to edit a model as well as have permission to edit an instance of that model.

>>> from django.contrib.auth.models import User, Group
>>> user = User.objects.get(pk=1)
>>> admins = Group.objects.get(pk=1)
>>> user.has_perm('change_group')
False
>>> user.has_perm('change_group', admins)
True

Managing model permissions can add (user management) overhead to your project. I would suggest only going down this route if you have the requirement for the rest of your project and plan to use it.

Instead, creating a custom permissions class that suits exactly your needs seems like the best course. It can be as simple as:

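from rest_framework.permissions import DjangoObjectPermissions

class ObjectOnlyPermissions(DjangoObjectPermissions):

    def has_permission(self, request, view):
        # Skip the model-level permission check; only object-level checks apply.
        return True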

The workaround you reference is undocumented and looks like it’s there to solve an internal issue (APIRootView endpoint list being filtered). I wouldn’t rely on this to fix your issue.
