[Fixed]-Django Rest Framework won't let me have more than one permission

14👍

The behavior you are experiencing is absolutely normal, that’s how DRF was designed. If you want to have at least one of those permission classes, you need to specify a more ‘complex’ condition. This is a very good example of what you might use. After you install it, you can use it like this:

from rest_condition import Or
...
permission_classes = (Or(permissions.IsAdminUser, TokenHasReadWriteScope),)
👤AdelaN

25👍

With version 3.9 and above of Django Rest Framework, they have built-in support for composable permission classes and you can use and/or-operators out of the box:

permission_classes = [IsAuthenticated & (ReadOnly | IsAdmin)]
👤Neman

Leave a comment