
I am building a REST API using Django, Django REST framework and mongoengine. So far all requests require the user to be authenticated and are checked against a token.

But now I need to allow different actions for different users. I don't know where to begin. Any guidelines?

For example I want only the admin to be able to write and read users objects:

from rest_framework.decorators import action
from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet

class UsersViewSet(ModelViewSet):
    queryset = Users.objects.all()          # Users: the mongoengine user document
    serializer_class = UsersSerializer

    # detail=False routes this as /users/me/ (without @action it is not routed)
    @action(detail=False, methods=['get'])
    def me(self, request, *args, **kwargs):
        serializer = self.serializer_class(request.user)
        return Response(serializer.data)
elhoucine

1 Answer

Read the chapter on custom permission. You will want to extend permissions.BasePermission and provide the authentication logic inside has_permission.

from rest_framework import permissions

class CustomUserPermission(permissions.BasePermission):

    def has_permission(self, request, view):
        # Return True if the user has permission. Returning None (a bare
        # `pass`) is treated as False and denies every request.
        # For the "admin only" case in the question: accept authenticated
        # staff users (is_staff is assumed to exist on the user model).
        user = request.user
        return bool(user and user.is_authenticated and user.is_staff)

Then inside your view:

from rest_framework.viewsets import ModelViewSet

class UsersViewSet(ModelViewSet):
    permission_classes = (CustomUserPermission,)  # applied to every action of the viewset
zxzak
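Added example, not part of the question or the answer above: a per-action permission class in the style the answer describes, showing both hooks DRF calls (has_permission for the whole request and has_object_permission for a single object), and how the viewset's action name (list, create, retrieve, destroy, or a custom action such as "me") can drive the decision. The user attributes it reads (is_authenticated, is_staff, pk) and the action names are assumptions about the user model and ModelViewSet; if rest_framework is not installed, a stand-in BasePermission with the same hook names is defined so the file runs offline.

```python
from types import SimpleNamespace

try:
    from rest_framework.permissions import BasePermission
except ImportError:
    # Offline stand-in with the same hook names DRF's APIView calls
    # (assumption: in a real project rest_framework is installed).
    class BasePermission:
        def has_permission(self, request, view):
            return True

        def has_object_permission(self, request, view, obj):
            return True


class IsAdminOrSelf(BasePermission):
    """Admins (is_staff) may do anything on the Users endpoint.

    Other authenticated users are kept out of the admin-only actions and
    may only touch their own user object. The action names are the ones
    ModelViewSet assigns (list, create, retrieve, update, partial_update,
    destroy) plus any @action methods such as "me".
    """

    ADMIN_ONLY_ACTIONS = frozenset({"list", "create", "destroy"})

    def has_permission(self, request, view):
        user = getattr(request, "user", None)
        if user is None or not user.is_authenticated:
            return False  # anonymous callers never get through
        if user.is_staff:
            return True
        # view.action is set by the router for ViewSets; None for plain views
        return getattr(view, "action", None) not in self.ADMIN_ONLY_ACTIONS

    def has_object_permission(self, request, view, obj):
        # Only reached from get_object(), i.e. detail routes, so a list view
        # is NOT filtered by this hook; restrict get_queryset() for that.
        user = request.user
        if user.is_staff:
            return True
        return getattr(obj, "pk", None) == getattr(user, "pk", None)


# --- constructed stand-ins so the checks run without a Django project ---

def make_user(pk, staff=False, authenticated=True):
    """Constructed user object carrying only the attributes the permission reads."""
    return SimpleNamespace(pk=pk, is_staff=staff, is_authenticated=authenticated)


def allowed(user, method, action, obj=None):
    """Apply both hooks in the order DRF's APIView does: check_permissions
    first, then check_object_permissions when a specific object is involved."""
    request = SimpleNamespace(user=user, method=method)
    view = SimpleNamespace(action=action)
    perm = IsAdminOrSelf()
    if not perm.has_permission(request, view):
        return False
    if obj is not None and not perm.has_object_permission(request, view, obj):
        return False
    return True


if __name__ == "__main__":
    admin = make_user(pk=1, staff=True)
    alice = make_user(pk=2)
    bob = make_user(pk=3)
    anon = make_user(pk=None, authenticated=False)
    print(allowed(anon, "GET", "list"))                 # False
    print(allowed(admin, "DELETE", "destroy", alice))   # True
    print(allowed(alice, "GET", "retrieve", alice))     # True
    print(allowed(alice, "GET", "retrieve", bob))       # False
    print(allowed(alice, "GET", "me"))                  # True
```

In the viewset this is used exactly like the answer's CustomUserPermission (`permission_classes = (IsAdminOrSelf,)`). Note that has_object_permission only runs for detail routes; for a non-admin hitting the list endpoint the safe pattern is to deny the action outright, as above, or to narrow the queryset in get_queryset() rather than rely on object-level checks.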