[Fixed]-Django Rest Framework won't let me have more than one permission


The behavior you are experiencing is absolutely normal, that’s how DRF was designed. If you want to have at least one of those permission classes, you need to specify a more ‘complex’ condition. This is a very good example of what you might use. After you install it, you can use it like this:

from rest_condition import Or
permission_classes = (Or(permissions.IsAdminUser, TokenHasReadWriteScope),)


With version 3.9 and above of Django Rest Framework, they have built-in support for composable permission classes and you can use and/or-operators out of the box:

permission_classes = [IsAuthenticated & (ReadOnly | IsAdmin)]

Leave a comment