Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using a permission class on a detail route

How can I only apply a permission class to a detail route?

class EventViewSet(viewsets.ModelViewSet):

    @detail_route(methods=['post'])
    def messages(self, request, pk=None):
        ### Check a permissions class.
        ...
like image 259
yndolok Avatar asked Mar 30 '15 20:03

yndolok


People also ask

Does DRF have object permissions?

In DRF, object level permissions are used to decide if a user should be allowed to interact with a particular object. The object is usually simply a model instance.

What is permission Django?

Django provides an authentication and authorization ("permission") system, built on top of the session framework discussed in the previous tutorial, that allows you to verify user credentials and define what actions each user is allowed to perform.


1 Answers

Update-1

From DRF 3.8 onwards, detail_route decorator has replaced with action decorator.

class EventViewSet(viewsets.ModelViewSet):
    @action(permission_classes=[permissions.PermissionClass_], methods=['post'])
    def messages(self, request, pk=None):
        # your view code

Original post

You can add permissions basically by doing this:

class EventViewSet(viewsets.ModelViewSet):
    @detail_route(
        permission_classes=[
            permissions.PermissionClass_],
        methods=['post'])
    def messages(self, request, pk=None):
        ### Check a permissions class.
        ...
like image 184
harshil Avatar answered Sep 30 '22 04:09

harshil