Django-REST Framework Object Level Permissions and User Level Permissions

Let us cosider the scenario  of Authors, Books, Readers.

Authors are only allowed to write the books

Readers are only allowed to read the Books.

models.py

from django.utils.translation import ugettext_lazy as _
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
 
class User(AbstractBaseUser, PermissionsMixin):
    USER_TYPES = (
       ("Author", "Author"),
       ("Reader", "Reader"),
       ("Publisher", "Publisher")
    )
    username = models.CharField(max_length=100, unique=True)
    first_name = models.CharField(_("first name"), max_length=30, blank=True, null=True)
    last_name = models.CharField(_("last name"), max_length=30, blank=True, null=True)
    email = models.EmailField(_("email address"), unique=True)
    is_staff = models.BooleanField(_("staff status"), default=False)
    is_active = models.BooleanField(_("active status"), default=True)
    user_type = models.CharField(choices=USER_TYPES)
    
    def __str__(self):
       return self.email

class Book(models.Model):
    READ_OPTIONS = (
    	('YES', 'YES'),
    	('NO', 'NO')
    )
    name = models.CharField(max_length=300)
    pages = models.IntegerField()
    price = models.DecimalField(max_digits=10, decimal_places=2)
    rating = models.FloatField()
    is_allowed_to_read = models.CharField(choices=READ_OPTIONS)

    def __str__(self):
    	return self.name

permissions.py

from rest_framework.permissions import BasePermission

class IsAllowedToWrite(BasePermission):
    
    def has_permission(self, request, view):
        return request.user.user_type == "Author"


class IsAllowedToRead(BasePermission):
    
    def has_object_permission(self, request, view, obj):
        return obj.is_allowed_to_read == "YES"

views.py

from rest_framework import generics
from app.permissions import IsAllowedToWrite, IsAllowedToRead
from app.serializers import WriteBookSerializer, 


class WriteBookView(generics.CreateAPIView):
	
    serializer_class = WriteBookSerializer
    permission_classes = (IsAllowedToWrite,)


class ReadBookView(generics.RetrieveAPIView):
	
    serializer_class = ReadBookSerializer
    permission_classes = (IsAllowedToWrite,)

Find our Django REST Framework Development Services

for more details visit rest-framework documentaion or source code github 

 

Posted On 25 January 2017 By MicroPyramid


Previous post Next post

Need any Help in your Project?Let's Talk

Latest Comments
Understanding Django Permissions And Groups

Django comes with a simple permissions system. It provides a way to assign permissions to specific users and groups of users. We can have permissions ...

Continue Reading...
Hosting Django Application with Nginx and UWSGI

Django is a python based web- application development framework. Setting up a sample app and running it as easy as pie. Nginx is a webserver ...

Continue Reading...
Querying with Django Q objects

Querying with Django Q objects: Q object encapsulates a SQL expression in a Python object that can be used in database-related operations. Using Q objects ...

Continue Reading...

Django-CRM :Customer relationship management based on Django

Django-blog-it : django blog with complete customization and ready to use with one click installer Edit

Django-webpacker : A django compressor tool

Django-MFA : Multi Factor Authentication

Docker-box : Web Interface to manage full blown docker containers and images

 More...

Subscribe To our news letter

Subscribe and Stay Updated about our Webinars, news and articles on Django, Python, Machine Learning, Amazon Web Services, DevOps, Salesforce, ReactJS, AngularJS, React Native.
* We don't provide your email contact details to any third parties