4๐
I canโt use a decorator like: @permission_classes(IsAuthenticated, ) in extra actions within ViewSet
To use different permissions in actions, instead, put it into the @action() as a parameter.
@action(detail=True, methods=['post'], permission_classes=[IsAdminOrIsSelf])
def set_password(self, request, pk=None):
...
๐คC.K.
1๐
simply create a custom permission class
class FixAnAppointmentPermssion(permissions.BasePermission):
def has_permission(self, request, view):
return True or False
then the in your view set class use your custom permission
class settingsViewSet(viewsets.ModelViewSet):
serializer_class = SettingsSerializer
queryset = Setting.objects.all()
permission_classes = (FixAnAppointmentPermssion,)
๐คaliva
- [Django]-What is difference between crawling, Parsing, Indexing, Search from Python libraries perspective
- [Django]-Display link on template when user is a staff member in Django
- [Django]-Inconsistent SignatureDoesNotMatch Amazon S3 with django-pipeline, s3boto and storages
- [Django]-How to get name of file in request.POST?
1๐
by docs custom-permissions, list of view actions actions
my_permissions.py
from rest_framework import permissions
class FixPermission(permissions.BasePermission):
"""
fix_an_appointment
"""
def has_permission(self, request, view):
if request.user.is_authenticated :
if view.action == 'retrieve':
return request.user.has_perms('fix_list_perm')
if view.action == 'retrieve':
return request.user.has_perms('fix_an_appointment')
return False
in views.py
from my_permissions import FixPermission
class settingsViewSet(viewsets.ModelViewSet):
serializer_class = SettingsSerializer
queryset = Setting.objects.all()
permission_classes = (FixPermission,)
๐คBrown Bear
- [Django]-Django only submitting csrf token in forms?
- [Django]-IntegrityError: (1062, Duplicate entry for key)
- [Django]-How to make a geography field unique?
- [Django]-Django deep serialization โ follow reverse foreign key constraints
- [Django]-Django-crispy-forms: form_class appears but label_class and field_class does not
0๐
We can set permission for each functions like create, retrive, update, delete(add,edit,delete and update)
from my_permissions import FixPermission
class FixAnAppointmentPermssion(permissions.BasePermission):
def has_permission(self, request, view):
return True or False
class YourViewSet(viewsets.ModelViewSet):
serializer_class = SettingsSerializer
queryset = Your.objects.all()
@permission_classes(FixAnAppointmentPermssion,)
def create(request, format=None):
content = {
'status': 'request was permitted'
}
return Response(content)
@permission_classes(FixAnAppointmentPermssion,)
def retrive(request, format=None):
content = {
'status': 'request was permitted'
}
return Response(content)
๐คRamesh K
- [Django]-Django Query, filter by user group
- [Django]-Django: "auto_now_add=True" giving incorrect time
- [Django]-How to filter a queryset of objects created more than one hour ago from Django's DateTimeField?
- [Django]-Django: OR queries with dynamic field names
Source:stackexchange.com