Menu
How can I only apply a permission class to a detail route?
class EventViewSet(viewsets.ModelViewSet):
@detail_route(methods=['post'])
def messages(self, request, pk=None):
### Check a permissions class.
...
259
In DRF, object level permissions are used to decide if a user should be allowed to interact with a particular object. The object is usually simply a model instance.
Django provides an authentication and authorization ("permission") system, built on top of the session framework discussed in the previous tutorial, that allows you to verify user credentials and define what actions each user is allowed to perform.
From DRF 3.8 onwards, detail_route decorator has replaced with action decorator.
class EventViewSet(viewsets.ModelViewSet):
@action(permission_classes=[permissions.PermissionClass_], methods=['post'])
def messages(self, request, pk=None):
# your view code
You can add permissions basically by doing this:
class EventViewSet(viewsets.ModelViewSet):
@detail_route(
permission_classes=[
permissions.PermissionClass_],
methods=['post'])
def messages(self, request, pk=None):
### Check a permissions class.
...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
