[Answered ]-Why permission denied for superuser in drf?

1👍

You could change your permission class to something like this:

from rest_framework.permissions import BasePermission
class MyPermission(BasePermission):

    def has_permission(self, request, view):
        if request.user.is_superuser:
            return True
        qs = myqs
        if request.method in ['put', 'patch']:
            return qs.filter(change=True).exists()
        elif request.method == 'post':
            return qs.filter(create=True).exists()
        elif request.method in SAFE_METHODS:
            return qs.filter(view=True).exists()
        elif request.method == 'delete':
            return qs.filter(delete=True).exists()
        else:
            return False

The reason you have to do this is because DRF does not consider superuser unless you’re using DjangoModelPermissions

EDIT

Only thing I can think of is that you inherit all permission classes from a custom permission class that checks if user is admin. Then you don’t have to check in every single one.

from rest_framework.permissions import BasePermission

# You can put this class in a separate file like
# 'base_permission.py' and import it anywhere you need it.
class SuperUserAllowAllPermission:

    def has_permission(self, request, view):
        if request.user.is_superuser:
            return True
        return super().has_permission(request, view)

class MyPermission(SuperUserAllowAllPermission, BasePermission):
    def has_permission(self, request, view):
        qs = myqs
        if request.method in ['put', 'patch']:
            return qs.filter(change=True).exists()
        elif request.method == 'post':
            return qs.filter(create=True).exists()
        elif request.method in SAFE_METHODS:
            return qs.filter(view=True).exists()
        elif request.method == 'delete':
            return qs.filter(delete=True).exists()
        else:
            return False

class MyOtherPermission(SuperUserAllowAllPermission, BasePermission):
    def has_permission(self, request, view):
        if request.method == 'get':
            return True
        return False
            

Leave a comment