Welcome to Brannon's Reading Notes!

This serves as my personal page to keep and update my reading notes for Code Fellows Courses 201, 301, and 401.

Reading

Django Rest Framework Permissions

Along authentication and throttling, permissions determine access
Permissions check always run at the beginning of every view
Before running the main body, permissions checks are run and, if permissions are denied, the appropriate exceptions are raised
Permssions may be set on a per view or per viewset basis
Setting Permission Policy

Below, this sets a global permission policy requiring authentication.

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ]
}

Or if not specified, will default to allow access to all users.

'DEFAULT_PERMISSION_CLASSES': [
   'rest_framework.permissions.AllowAny',
]

Custom Permissions

Override BasePermission and use .has_permission(self, request, view) or .has_object_permission(self, request, view, obj) or both