14👍
✅
The behavior you are experiencing is absolutely normal, that’s how DRF was designed. If you want to have at least one of those permission classes, you need to specify a more ‘complex’ condition. This is a very good example of what you might use. After you install it, you can use it like this:
from rest_condition import Or
...
permission_classes = (Or(permissions.IsAdminUser, TokenHasReadWriteScope),)
25👍
With version 3.9 and above of Django Rest Framework, they have built-in support for composable permission classes and you can use and/or-operators out of the box:
permission_classes = [IsAuthenticated & (ReadOnly | IsAdmin)]
- Store browser tab specific data
- Creating an entire web application using django admin
- How can I insert parameters in raw SQL in Django Python
- Django: Tweaking @login_required decorator
- How does one use a custom widget with a generic UpdateView without having to redefine the entire form?
Source:stackexchange.com