Restrict Django Rest Framework for all users except super users

Question

Can I restrict my Django Rest Framework to be only accessed by super users?

Can I add a decorator to the urls so that the url is only accessed by super users:

url(r'^api/', include(router.urls)),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),

use login_required or permission_classes

dnit13
– dnit13

2016-10-04 14:19:15 +00:00
Commented Oct 4, 2016 at 14:19 — dnit13
– dnit13, Commented Oct 4, 2016 at 14:19
Write your own permission class and use it in views.

Rohan
– Rohan

2016-10-04 14:35:12 +00:00
Commented Oct 4, 2016 at 14:35 — Rohan
– Rohan, Commented Oct 4, 2016 at 14:35

Amir Afianian · Accepted Answer · 2022-05-29 13:58:37Z

4

If you want to allow any staff member to access the API, then it's easy

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAdminUser',
    )
}

For super user, there isn't a built in permissions class, but we can make one easily.

from rest_framework import permissions

class SuPermission(permissions.BasePermission):

    def has_permission(self, request, view):
        return request.user.is_authenticated() and request.user.is_superuser

and then

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'myapp.permissions.SuPermission',
    )
}

edited May 29, 2022 at 13:58

Amir Afianian

2,8274 gold badges26 silver badges49 bronze badges

answered Oct 4, 2016 at 14:35

e4c5

53.9k11 gold badges110 silver badges139 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

Restrict Django Rest Framework for all users except super users

1 Answer 1

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Related