[Solved]-Django – Custom permissions for function based views

13πŸ‘

βœ…

It seems like it’s a known issue, has_object_permission is not supported when using function based views, it’s reported here.

If you would like to call has_permission, you should be able to do so using the permission_classes decorator as shown in the documentation

@api_view(['GET'])
@permission_classes((IsAuthenticated, ))
def example_view(request, format=None):
    content = {
        'status': 'request was permitted'
    }
    return Response(content)
πŸ‘€Forge

0πŸ‘

I agree with the @Forge answer but If you still want to accomplish such things. You can follow this-

@api_view(['ANY_METHOD'])
@permission_classes([IsAuthenticated])
def model_delete_view(request, pk, *args, **kwargs):
    obj = MyModel.objects.filter(pk=pk)
    if not obj.exists():
        return Response(
            {'message': 'MyModel not found'},
            status=status.HTTP_404_NOT_FOUND
        )
    obj = obj.filter(user=request.user)
    if not obj.exists():
        return Response(
            {'message': 'You are not authorizated'},
            status=status.HTTP_403_FORBIDDEN
        )
    obj.delete()
    return Response({'message': 'MyModel deleted'}, status=status.HTTP_200_OK)
πŸ‘€Yash

-2πŸ‘

You have to add these words before def function_name ():

from rest_framework.decorators import authentication_classes
@authentication_classes([TokenAuthentication])
def func_name (request):
   # Enter your code here.

Take careful in square brackets

πŸ‘€Ibrahim Samir

Leave a comment