djangodjango-rest-frameworkdjoser

Djoser permissions override


i have this endpoint /auth/users/ which shows all the users and their data and only the admin can see all the users data ,the current user can only see his data(email,first_name,last_name...) so I want any user to get the data of all the users I changed the djoser settings to this but still I get only the current user data how can I fix this?

DJOSER = {
    'PERMISSIONS': {
 
    'user': ['rest_framework.permissions.IsAuthenticated'],
    'user_list': ['rest_framework.permissions.IsAuthenticated'],
 
    },
    'SERIALIZERS': {
        'user_create': 'core.serializers.UserCreateSerializer',
        'current_user': 'core.serializers.UserSerializer',
        'user': 'core.serializers.CurrentUserSerializer',
 
    }
} ```

Solution

  • Solution: u need to set hide_users to false

    DJOSER = {
        'HIDE_USERS': False,
        'PERMISSIONS': {
    
        'user': ['rest_framework.permissions.IsAuthenticated'],
        'user_list': ['rest_framework.permissions.IsAuthenticated'],
        },
        'SERIALIZERS': {
            'user_create': 'core.serializers.UserCreateSerializer',
            'current_user': 'core.serializers.UserSerializer',
            'user': 'core.serializers.CurrentUserSerializer',
    
        }
    }