How can I only apply a permission class to a detail route?
class EventViewSet(viewsets.ModelViewSet):
@detail_route(methods=['post'])
def messages(self, request, pk=None):
### Check a permissions class.
...
In DRF, object level permissions are used to decide if a user should be allowed to interact with a particular object. The object is usually simply a model instance.
Django provides an authentication and authorization ("permission") system, built on top of the session framework discussed in the previous tutorial, that allows you to verify user credentials and define what actions each user is allowed to perform.
From DRF 3.8 onwards, detail_route
decorator has replaced with action
decorator.
class EventViewSet(viewsets.ModelViewSet):
@action(permission_classes=[permissions.PermissionClass_], methods=['post'])
def messages(self, request, pk=None):
# your view code
You can add permissions basically by doing this:
class EventViewSet(viewsets.ModelViewSet):
@detail_route(
permission_classes=[
permissions.PermissionClass_],
methods=['post'])
def messages(self, request, pk=None):
### Check a permissions class.
...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With