 

Django - Custom permissions for function based views

How can I write custom permissions for a function based view? I am using the REST framework, and I have written a ciphertext encryption/decryption API. I have one function based view for each key (key-detail) which I would like to only make available to the owner of that key. I know that when using class based views, it is enough to define permission_classes, but how do I do this for function based views? I have tried using the @permission_classes decorator, but it is not working for my custom permission, which is written as so:

from rest_framework import permissions


class IsOwner(permissions.BasePermission):
    """
    Custom permission to only allow owners of an object to access it.
    """

    def has_object_permission(self, request, view, obj):
        return obj.owner == request.user
b_pcakes asked Feb 20 '16 07:02




1 Answer

It seems like it's a known issue: has_object_permission is not supported when using function based views. It's reported here.

If you would like to call has_permission, you should be able to do so using the permission_classes decorator, as shown in the documentation:

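from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response


@api_view(['GET'])
@permission_classes((IsAuthenticated, ))
def example_view(request, format=None):
    # has_permission() of every listed class runs before this body executes
    content = {
        'status': 'request was permitted'
    }
    return Response(content)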
Forge answered Sep 28 '22 05:09
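An added example (not part of the original answer, and not DRF's own code): since has_object_permission is not invoked for function based views, one way to enforce the question's IsOwner rule is to call it explicitly once the object has been loaded. So that it runs without Django installed, PermissionDenied, KEYS, load_key and the object_permission_required decorator are hypothetical stand-ins; in a project, IsOwner subclasses permissions.BasePermission and the exception is rest_framework.exceptions.PermissionDenied.

```python
from functools import wraps
from types import SimpleNamespace


class PermissionDenied(Exception):
    """Stand-in for rest_framework.exceptions.PermissionDenied (HTTP 403)."""


class IsOwner:
    """The question's permission, without the BasePermission base class."""

    def has_object_permission(self, request, view, obj):
        return obj.owner == request.user


# Constructed in-memory rows standing in for the key model's table.
KEYS = {
    1: SimpleNamespace(pk=1, owner="alice", name="alice-key"),
    2: SimpleNamespace(pk=2, owner="bob", name="bob-key"),
}


def load_key(pk):
    """Hypothetical loader; with the ORM this would be a model lookup by pk."""
    try:
        return KEYS[pk]
    except KeyError:
        raise LookupError(f"no key with pk={pk}") from None


def object_permission_required(permission_class, loader):
    """Load the object, run the object-level check, then call the view with it."""
    def decorator(view_func):
        @wraps(view_func)
        def wrapped(request, pk, *args, **kwargs):
            obj = loader(pk)  # fetch first: the check needs the object itself
            if not permission_class().has_object_permission(request, wrapped, obj):
                raise PermissionDenied("requester does not own this object")
            return view_func(request, obj, *args, **kwargs)
        return wrapped
    return decorator


@object_permission_required(IsOwner, load_key)
def key_detail(request, key):
    """The view body only ever sees an object that passed the owner check."""
    return {"id": key.pk, "name": key.name}
```

In a DRF project this decorator would sit beneath @api_view and @permission_classes, so the view-level has_permission check still runs before the object is fetched.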