javascript python java c# php android html jquery c++ css ios mysql sql r node.js arrays reactjs c asp.net json ruby-on-rails .net sql-server swift python-3.x objective-c django angular angularjs excel regex pandas ruby iphone ajax linux xml vba asp.net-mvc spring laravel database wordpress typescript string wpf mongodb windows xcode postgresql bash oracle git vb.net amazon-web-services multithreading list firebase flutter eclipse spring-boot dataframe azure react-native algorithm docker macos forms image visual-studio scala powershell function twitter-bootstrap numpy api performance selenium winforms python-2.7 matlab vue.js sqlite apache hibernate entity-framework loops rest shell facebook express android-studio csv linq maven qt swing unit-testing file tensorflow

[ACCEPTED]-Django Rest Framework custom permissions per view-django-rest-framework

Accepted answer
Score: 13

Well, the first step could be done easy 2 with DRF. See http://www.django-rest-framework.org/api-guide/permissions#custom-permissions.

You must do something like 1 that:

from functools import partial

from rest_framework import permissions

class MyPermission(permissions.BasePermission):

    def __init__(self, allowed_methods):
        super().__init__()
        self.allowed_methods = allowed_methods

    def has_permission(self, request, view):
        return request.method in self.allowed_methods


class ExampleView(APIView):
    permission_classes = (partial(MyPermission, ['GET', 'HEAD']),)
Score: 6

Custom permission can be created in this 1 way, more info in official documentation( https://www.django-rest-framework.org/api-guide/permissions/):

from rest_framework.permissions import BasePermission


# Custom permission for users with "is_active" = True.
class IsActive(BasePermission):
    """
    Allows access only to "is_active" users.
    """
    def has_permission(self, request, view):
        return request.user and request.user.is_active

# Usage
from rest_framework.views import APIView
from rest_framework.response import Response

from .permissions import IsActive   # Path to our custom permission

class ExampleView(APIView):
    permission_classes = (IsActive,)

    def get(self, request, format=None):
        content = {
            'status': 'request was permitted'
        }
        return Response(content)
Score: 2

I took this idea and got it to work like 5 so:

class genericPermissionCheck(permissions.BasePermission):
    
    def __init__(self, action, entity):
        self.action = action
        self.entity = entity
    
    def has_permission(self, request, view):
        print self.action
        print self.entity
        if request.user and request.user.role.access_rights.filter(action=self.action,entity=self.entity):
            print 'permission granted'            
            return True
        else:
            return False

I used partially in the decorator for 4 the categories action in my viewset class 3 like so:

    @list_route(methods=['get'],permission_classes=[partial(genericPermissionCheck,'Fetch','Categories')])
    def Categories(self, request):

"access_rights" maps to 2 an array of objects with a pair of actions 1 and object e.g. 'Edit' and 'Blog'

Source: stackoverflow.com

More Related questions

MongoDB only works when run as root on Ubuntu - data directory issue

What do the different DCOM / COM security settings mean?

rsync backup to external hard disk exFat fails

unable to access '/Users/dida/.config/git/attributes': Permission denied

Permission Denial: opening provider com.android.providers.media.MediaDocumentsProvider when RESTARTING the app

Playstore prompts to 'Declare sensitive permissions'

What causes Python socket error?

Check for writing permissions to file in Windows/Linux

Show the permission of a indexed file in git

Not trusting file .hg/hgrc from untrusted user root, group dev