Restrict Django Rest Framework for all users except super users
Question
Can I restrict my Django Rest Framework to be only accessed by super users?
Can I add a decorator to the urls so that the url is only accessed by super users:
url(r'^api/', include(router.urls)),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
1 answers
solution1
4 ACCPTED 2016-10-04 14:35:04
If you want to allow any staff member to access the API, then it's easy
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAdminUser',
)
}
For super user, there isn't a built in permissions class, but we can make one easily.
from rest_framework import permissions
class SuPermission(permissions.BasePermission):
def has_permission(self, request, view):
return request.user.is_authenticated() and request.user.is_superuser
and then
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'myapp.permissions.SuPermission',
)
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Django REST Framework: restrict data records access to the users created them
How to restrict Django Rest Framework browsable API interface to admin users
Restrict roles for users management inside a Company object in Django Rest Framework
Django REST Framework - serializer users
Django Rest Framework, importing users
How to count all the users that are currently logged In ? (Django rest framework)
Restrict Django admin to only allow super-users
How can I restrict access to a view to only super users in Django
why im unable to authenticate other users except the super user in django?
Restrict users in django
Related Tags