10👍
In the Django REST framework, how are the default permission classes combined with per-view(set) ones?
They are not combined.
… the DEFAULT_PERMISSION_CLASSES are not prepended / postpended to a ModelViewSet’s permission classes, but are instead replaced by it?
Correct.
8👍
Do I infer correctly from this example that the
DEFAULT_PERMISSION_CLASSESare not prepended / postpended to a
ModelViewSet‘s permission classes, but are instead replaced by it?
The DEFAULT_PERMISSION_CLASSES are used for views/viewsets where permission_classes is not defined. In the cases they are defined, those are used instead, not the default ones.
- How do I simulate connection errors and request timeouts in python unit tests
- Django load local json file
5👍
If you do want to extend the default permissions, this seems to work.
Disclaimer: I found it by looking into DRF’s code, not sure it is documented.
from rest_framework.settings import api_settings
class UserViewSet(viewsets.ModelViewSet):
permission_classes = [*api_settings.DEFAULT_PERMISSION_CLASSES, TokenHasReadWriteScope]
-1👍
Add code in your custom Permission class like this
class ObjectWritePermission(BasePermission):
# you will see this function in IsAuthenticated Permission class
def has_permission(self, request, view):
return bool(request.user and request.user.is_authenticated)
def has_object_permission(self, request, view, obj):
return obj.user == request.user
- Whats the best way to duplicate data in a django template?
- Python/Django: Which authorize.net library should I use?
- How do I remove the square brackets at the end of a JS variable name during AJAX calls?
- Changing password in Django Admin