'How to handle multi-level permissions in Django REST Framework?

I'm attempting to create a DRF API that can handle multi-level permissions. I have Users, Clients, and Brands. Clients can contain one or many Brands.

The way I'm trying to get User Permissions to work is a User can have access to one or many Clients. If given access to that Client they will also be given limited access to one or many Brands within that Client.

I can't wrap my head around how to manage the permissions on this. Does this need to object instance level permissions? or is there another way to organize it? I'm trying to avoid 3rd party packages, but I have seen several people mention django-guardian.

I understand this is a very general question. So I appreciate any type of response on this. Thank you.

djangoapidjango-rest-frameworkpermissionsdjango-users


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Django models | get specific columns

Django models | get specific columns

Django models | get specific columns

Django models | get specific columns

Django models | get specific columns

python: can't open file 'manage.py': [Errno 2] No such file or directory

How to take a zipfile as a File object in django?

How to take a zipfile as a File object in django?

django: invalid syntax path('details/<int:id>/', views.details, name='details')

How do I install an old version of Django on virtualenv?

How to automatically login a user after registration in django

Took too long to shut down and was killed

Override save method of Django Admin

ValueError The QuerySet value for an exact lookup must be limited to one result using slicing on django views

django.core.exceptions.ValidationError: ['“” value must be a decimal number.']