1👍
You could change your permission class to something like this:
from rest_framework.permissions import BasePermission
class MyPermission(BasePermission):
def has_permission(self, request, view):
if request.user.is_superuser:
return True
qs = myqs
if request.method in ['put', 'patch']:
return qs.filter(change=True).exists()
elif request.method == 'post':
return qs.filter(create=True).exists()
elif request.method in SAFE_METHODS:
return qs.filter(view=True).exists()
elif request.method == 'delete':
return qs.filter(delete=True).exists()
else:
return False
The reason you have to do this is because DRF does not consider superuser unless you’re using DjangoModelPermissions
EDIT
Only thing I can think of is that you inherit all permission classes from a custom permission class that checks if user is admin. Then you don’t have to check in every single one.
from rest_framework.permissions import BasePermission
# You can put this class in a separate file like
# 'base_permission.py' and import it anywhere you need it.
class SuperUserAllowAllPermission:
def has_permission(self, request, view):
if request.user.is_superuser:
return True
return super().has_permission(request, view)
class MyPermission(SuperUserAllowAllPermission, BasePermission):
def has_permission(self, request, view):
qs = myqs
if request.method in ['put', 'patch']:
return qs.filter(change=True).exists()
elif request.method == 'post':
return qs.filter(create=True).exists()
elif request.method in SAFE_METHODS:
return qs.filter(view=True).exists()
elif request.method == 'delete':
return qs.filter(delete=True).exists()
else:
return False
class MyOtherPermission(SuperUserAllowAllPermission, BasePermission):
def has_permission(self, request, view):
if request.method == 'get':
return True
return False
Source:stackexchange.com