I have created an API and I am trying to provide permissions to the views in my API app. I have assigned users to groups with permissions in my admin portal and then I am using DjangoModelPermissions in my views so that the permissions behave according to the admin portal which is not working. When I use IsAdminUser then its working it is preventing other users to read the view. but for DjangoModelPermissions it is not working.
In simple terms I want to block access to views for few users even after assigning permissions and passing this value DjangoModelPermissions in permission glass that user is still able to get access for that view.
Users and Groups in my admin group One super_user assigned to Developers groups with all permissions. One Testuser assigned to Language groups with only access to language view.
The code for Model
```Python
from django.db import models
class Paradigm(models.Model):
name = models.CharField(max_length=50)
def __str__(self):
return self.name
# Create your models here.
class Language(models.Model):
name = models.CharField(max_length=50)
paradigm = models.ForeignKey(Paradigm,on_delete=models.CASCADE)
# this method will help us to get the actual Name insted of object name
def __str__(self):
return self.name
class Programmer(models.Model):
name = models.CharField(max_length=50)
languages = models.ManyToManyField(Language)
def __str__(self):
return self.name
The Code for view
from django.shortcuts import render
from rest_framework import viewsets, permissions
from .models import Language, Programmer, Paradigm
from .serializers import LanguageSerializer, ParadigmSerializer, ProgrammerSerializer
from rest_framework.permissions import BasePermission, IsAdminUser, DjangoModelPermissions
# Create your views here.
class LanguageView(viewsets.ModelViewSet):
queryset = Language.objects.all()
serializer_class = LanguageSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ProgrammerView(viewsets.ModelViewSet):
queryset = Programmer.objects.all()
serializer_class = ProgrammerSerializer
#This Below line is working only for Admin user
permission_classes = [IsAdminUser]
Please help me here as I am new to Django. Thanks.
create permissions.py file as:
from rest_framework.permissions import DjangoModelPermissions
class D7896DjangoModelPermissions(DjangoModelPermissions):
perms_map = {
'GET':['%(app_label)s.view_%(model_name)s'],
'OPTIONS': [],
'HEAD': [],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
extend the default DjangoModelPermissions, and add this perms_map also, update your views.py as:
from .permissions import D7896DjangoModelPermissions
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
permission_classes = [D7896DjangoModelPermissions]
this worked for me :)