'How to correctly handle different types of users in django rest framework?
I am currently using mixins. My project has a lot of user types which interract differently with the database. This means I need to specify different queries for each type of users and I do that inside the "get_queryset". Example for class view:
class ClassViewSet(mixins.Create,Retrieve,Update,Destory,Generic)
def get_queryset(self: 'ClassViewSet'):
role = self.request.user.role
if role == User.ROLE.TEACHER:
queryset = ~the classes where the teacher is teaching~
if role == User.ROLE.STUDENT:
queryset = ~the class where the student is studying~
return queryset
The above example code will return multiple classes if the user is a teacher and one class if the user is a student.
Now, I want the to allow teachers to update or delete data from the classes where they teach while students should not be allowed to do anything beside retrieveing one class.
How I should do this?
I could override the delete and update from the mixins and do the same "if role ..." but is a lot of work. Is there a more efficient/correct way of doing this?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|