[feature request] permission required decorator for drf api views

[Kush Goyal]

Django has a handy decorator to check permissions on a view function. [1]

I request this decorator to be included in DRF.

[1] https://docs.djangoproject.com/en/2.2/topics/auth/default/#the-permission-required-decorator

[Xavier Ordoquy]

Hi,

Class based views have a permission_classes setting (https://www.django-rest-framework.org/api-guide/permissions/#setting-the-permission-policy) and function based views have a @permission_classes decorator (https://www.django-rest-framework.org/api-guide/views/#api-policy-decorators).

What is currently missing that would require another decorator ?

Regards,

Xavier O.

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-fram...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-rest-framework/d7babd11-0e01-48c4-99fe-e66fc2383c6b%40googlegroups.com.

[Kush Goyal]

permission required decorator is very simple to use if you know exactly which permission to check.

In case of the permission_classes decorator you have to write a permission class.

code examples:

@api_view(['PUT'])
@permission_required('products.change_product')
def archive_product(request, pk):
    product = Product.objects.get(pk=pk)
    product.archive()
    serializer = ProductSerializer(instance=product)
    return Response(serializer.data)

class ProductPermissions(permissions.BasePermission):

    def has_permission(self, request, view):
        if request.user.has_perm('products.change_product'):
            return True
        return False


@api_view(['PUT'])
@permission_classes[ProductPermissions, ]
def archive_product(request, pk):
    product = Product.objects.get(pk=pk)
    product.archive()
    serializer = ProductSerializer(instance=product)
    return Response(serializer.data)

On Monday, July 22, 2019 at 5:13:15 PM UTC+5:30, Xavier Ordoquy wrote:

Hi,

Class based views have a permission_classes setting (https://www.django-rest-framework.org/api-guide/permissions/#setting-the-permission-policy) and function based views have a @permission_classes decorator (https://www.django-rest-framework.org/api-guide/views/#api-policy-decorators).

What is currently missing that would require another decorator ?

Regards,

Xavier O.

Le 22 juil. 2019 à 13:29, Kush Goyal <ku...@sumtracker.com> a écrit :

Django has a handy decorator to check permissions on a view function. [1]

I request this decorator to be included in DRF.

[1] https://docs.djangoproject.com/en/2.2/topics/auth/default/#the-permission-required-decorator

--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.

To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsub...@googlegroups.com.