'How to use django groups and perms in django-rest-framework

How to handle complex required permissions in any API using django-rest-framework?

For example, you have three tier support operators who have access to APIs, but they should only have access to respective endpoint and as the last tier, superadmin should have everything in hands.

How to solve this simple problem by django group and permissions?

There are lots of answers being related to AND or OR the perms in permission_classes like

def get_permissions(self):
    return (
    IsAuthenticated & (IsCommitteeHead|IsCommitteeMember|IsAdminUser)
    )()

or

permission_classes = [IsAuthenticated &(IsCommitteeHead|IsCommitteeMember|IsAdminUser)]

but I think hard coding always makes the code a complete mess!

django-rest-frameworkpermissions


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Phonegap Android permissions, config.xml and plugins

What causes this iOS permission prompt for "use Bluetooth for new connections"?

How to convert guild.permissions number into an array of persmissions discord.js oauth2

Docker mounting volume. Permission denied

AWS EC2 Ubuntu File permissions issue

How to add the AppTrackingTransparency permission to your iOS apps

Oracle SELECT granted but still can't access table across users

How to request and check permissions in Flutter

I can't realise what is wrong with this piece of code - Notification.requestPermission();

Must remove QUERY_ALL_PACKAGES permission but cannot find it

django permissions: new permission is inserted after all other migrations

Why do we need permission-tree in Android?

Microsoft Graph File Permission invite API not working always

Google Cloud Storage confused about ACL/IAM and legacy permissions