5👍
The first permission check is to see that the user is able to access the requested resource. After that each of those permission checks is being run by the BrowsableAPIRenderer to see if the user has access to the HTTP methods PUT, PATCH DELETE, and OPTIONS, in order to determine if the rendered template should include buttons that will allow you to take those actions on the requested resource. That first permission check is whether you have a GET permission. When I run this locally, I’m actually seeing 6 checks, because PUT is getting checked twice, though I’m not sure why.
You can see this in action if you add a print(request.method) line in has_object_permission.
If you add ?format=json to the end of your URL, or just add format=json to the query string if you have additional parameters there, you will force the use of the JSONRenderer, which will only fetch and return the data, without the browsable API template. Thus, those extra permission checks aren’t necessary to see if the renderer should create those buttons on the template. JSONRenderer will only run the single permissions check on the GET request.