I have a REST API created using DRF 3.0.1. If I use the permission class rest_framework.permissions.IsAuthenticated, any authenticated user can perform GET, POST, etc. actions for any user as long as he has a valid token.
I want to set per-user permissions so that an admin user can see and update all users' data but any non-admin user should be able to see and update only his data.
From the examples I have seen so far, it seems like rest_framework.permissions.DjangoObjectPermissions is the class I need to use. However, the examples use Class Based Views.
I have used Function Based Views in my code. Is it possible to implement this using function based views? Doing queryset = <Model>.objects.none() as suggested in the DRF docs doesn't help. It complains: "Cannot apply DjangoModelPermissions on a view that does not have .model or .queryset property."
Is there a way I can do this without moving from FBVs to CBVs?
Are you using the api_view decorator of DRF? If so, you might find rest_framework.decorators.permission_classes useful: @permission_classes([SomePermission])
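One way to apply the suggestion above to the "admin sees everyone, others see only themselves" rule, as an added example that is not part of the original question or answer. DRF only calls has_object_permission when a view invokes check_object_permissions (the generic class-based views do this in get_object), so for a function-based view the check is placed in has_permission. Assumptions: the URL captures the target user's id as `pk`, admins are flagged with `is_staff`, and the view name `user_detail` is hypothetical.

```python
# Added example (not from the original post). Assumptions: the URL captures
# the target user's id as `pk`, and admins are flagged with `is_staff`.
try:
    from rest_framework.permissions import BasePermission
except Exception:
    # DRF/Django not importable here: stand-in base so the logic still runs.
    class BasePermission:
        def has_permission(self, request, view):
            return True


class IsAdminOrSelf(BasePermission):
    """Staff may act on any user; everyone else only on their own record."""

    def has_permission(self, request, view):
        user = getattr(request, "user", None)
        # Django's AnonymousUser has pk None, so this denies unauthenticated
        # callers without relying on is_authenticated (method vs. property
        # differs between Django versions).
        if user is None or user.pk is None:
            return False
        if user.is_staff:
            return True
        # @api_view wraps the function in an APIView subclass, so the URL
        # kwargs are on view.kwargs before the function body executes.
        target = view.kwargs.get("pk")
        # Fail closed: no pk in the URL means no access for non-admins.
        return target is not None and str(target) == str(user.pk)


# Wiring on a function-based view (hypothetical view name); api_view must be
# the outermost decorator so it picks up the permission classes:
#
#   @api_view(["GET", "PUT"])
#   @permission_classes([IsAuthenticated, IsAdminOrSelf])
#   def user_detail(request, pk):
#       ...
```

List views that return several users have no `pk` in the URL, so this class denies them to non-admins; filter the queryset by `request.user` in such views instead.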