How to manage roles and permissions in Django Rest framework mongoengine

I am building a REST API using Django, Rest framework and mongoengine. So far all requests require a user to be authenticated and checked against a token.

But now I need to allow different actions for different users. I don't know where to begin. Any guidelines?

For example I want only the admin to be able to write and read users objects:

class UsersViewSet(ModelViewSet):
    queryset = Users.objects.all()
    serializer_class = UsersSerializer

    def me(self, request, *args, **kwargs):
        serializer = self.serializer_class(request.user)
        return Response(serializer.data)

Best answer (zxzak):

Read the chapter on custom permissions. You will want to extend permissions.BasePermission and provide the authentication logic inside has_permission.

from rest_framework import permissions

class CustomUserPermission(permissions.BasePermission):

    def has_permission(self, request, view):
        # return True if user has permission
        pass

Then inside your view.

class UsersViewSet(ModelViewSet):
    permission_classes = (CustomUserPermission,)
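
An added example (not part of the answer above) of a filled-in permission class for the "only admin may read and write users" case, denying by default. It assumes the user document exposes `is_authenticated` and a boolean `is_admin` field, and that `me` is routed as a viewset action so `view.action == "me"`; the `IsAdminOrSelf` name and the sample users are hypothetical.

```python
from types import SimpleNamespace

try:
    from rest_framework.permissions import BasePermission
except Exception:  # DRF missing or Django unconfigured: stand-in with the same interface
    class BasePermission:
        def has_permission(self, request, view):
            return True
        def has_object_permission(self, request, view, obj):
            return True


class IsAdminOrSelf(BasePermission):
    """Admins get full access to the users endpoint; everyone else only `me`."""

    # Viewset actions an authenticated non-admin may call (assumed action name).
    self_service_actions = {"me"}

    def has_permission(self, request, view):
        user = getattr(request, "user", None)
        # Deny by default: no user object, or token authentication failed.
        if user is None or not getattr(user, "is_authenticated", False):
            return False
        # `is_admin` is an assumed boolean field on the Users document.
        if getattr(user, "is_admin", False):
            return True
        return getattr(view, "action", None) in self.self_service_actions

    def has_object_permission(self, request, view, obj):
        # Runs on get_object(); a non-admin may only touch their own record.
        user = request.user
        return bool(getattr(user, "is_admin", False)) or obj.pk == user.pk


def allowed(user, action):
    """Evaluate the view-level check for a constructed request and view."""
    request = SimpleNamespace(user=user, method="GET")
    view = SimpleNamespace(action=action)
    return IsAdminOrSelf().has_permission(request, view)


# Constructed sample users (not real data).
ADMIN = SimpleNamespace(pk=1, is_authenticated=True, is_admin=True)
ALICE = SimpleNamespace(pk=2, is_authenticated=True, is_admin=False)
ANON = SimpleNamespace(pk=None, is_authenticated=False, is_admin=False)

if __name__ == "__main__":
    for name, user in (("admin", ADMIN), ("alice", ALICE), ("anon", ANON)):
        print(name, {a: allowed(user, a) for a in ("list", "create", "me")})
```

Setting `permission_classes = (IsAdminOrSelf,)` on the viewset applies it to every action; the object-level check is a second layer that only fires when the view calls `get_object()`.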