[Django]-Permissions : in django rest framework

5👍

There’s a mistake in your conditions. If it’s a GET request, the first condition always matches, which requires admin permissions.

Here’s what you want:

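from rest_framework import permissions


class UserAccessPermission(permissions.BasePermission):
    def has_permission(self, request, view):
        if request.method == 'POST':
            # is_authenticated is a property since Django 1.10; call it as a method only on older versions
            return request.user and request.user.is_authenticated
        elif request.method == 'GET':  # no need to check for POST here
            return request.user and request.user.is_staff
        # any other method falls through and returns None, which DRF treats as denied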

2👍

You are using elif, but this part will not be evaluated because, if the method is POST, the first condition is always True.
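
Both answers above come down to branch ordering in an if/elif chain. The following is an added example, not code from either answer: it gives each HTTP method exactly one rule, denies any method without a rule, and prints the resulting access matrix. `MethodRulePermission`, `access_matrix`, the stand-in `BasePermission` and the sample users are assumptions made so it runs without Django or DRF installed.

```python
from types import SimpleNamespace


class BasePermission:
    """Stand-in for rest_framework.permissions.BasePermission (assumption),
    so the example runs without Django or DRF installed."""

    def has_permission(self, request, view):
        return True


def is_authenticated(user):
    return bool(user and user.is_authenticated)


def is_staff(user):
    return bool(user and user.is_staff)


class MethodRulePermission(BasePermission):
    """One rule per HTTP method; a method with no rule is denied."""

    rules = {"POST": is_authenticated, "GET": is_staff}

    def has_permission(self, request, view):
        rule = self.rules.get(request.method)
        return rule(request.user) if rule else False


# Constructed sample users mirroring the attributes Django's user objects expose.
USERS = {
    "anonymous": SimpleNamespace(is_authenticated=False, is_staff=False),
    "member": SimpleNamespace(is_authenticated=True, is_staff=False),
    "staff": SimpleNamespace(is_authenticated=True, is_staff=True),
}


def access_matrix(methods=("GET", "POST", "PUT", "DELETE")):
    """Return {(role, method): allowed} for every role/method pair."""
    perm = MethodRulePermission()
    return {
        (role, m): perm.has_permission(SimpleNamespace(method=m, user=user), None)
        for role, user in USERS.items()
        for m in methods
    }


if __name__ == "__main__":
    for (role, method), allowed in access_matrix().items():
        print(f"{role:9} {method:6} {'allow' if allowed else 'deny'}")
```

In a real project the class would subclass `permissions.BasePermission` from DRF, and the same matrix can be asserted in a unit test so a reordered or missing rule fails the build.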
