Reading
Django Rest Framework Permissions
- Along authentication and throttling, permissions determine access
- Permissions check always run at the beginning of every view
- Before running the main body, permissions checks are run and, if permissions are denied, the appropriate exceptions are raised
- Permssions may be set on a per view or per viewset basis
-
Setting Permission Policy
Below, this sets a global permission policy requiring authentication.
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
]
}
Or if not specified, will default to allow access to all users.
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny',
]
Custom Permissions
- Override
BasePermission
and use.has_permission(self, request, view)
or.has_object_permission(self, request, view, obj)
or both