I am creating REST API for Product, which has following Permission,
(create_product, view_product, edit_product). In my Project I am having various
users with different roles (Ex: Producer, Retailer, Consumer,...etc). I am
assigning permission to individual Roles. I am using Django Group Permission
Example: The "Producer" role has "create_product" and "view_product"
permission. The "Retailer" role has "edit_product" permission. The "Consumer"
role has no permission.
I want to restrict the Access based on the permission code. I need a generic
approach to solve this. I want to use the same approach for different views
with different permission codes.
In my view.py,
class Product(viewsets.ModelViewSet):
serializer_class = ProductSerializer
queryset = Product.objects.all()
In settings.py, I have added following code.
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
),
}
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/b67aed04-a096-4c1d-a453-b0be1274dc83%40googlegroups.com.
