I need to check different types of permissions for different types of actions from request user. For example get
permission only need [IsAuthenticated]
but when user request perform_create
method. I want to implement another permission that is CanCreateProject
permissions.py
class CanCreateProject(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.user.is_superuser:
return True
else:
return request.user.profile_limitation.can_create_project
views.py
class ProjectView(ModelViewSet):
serializer_class = ProjectSerializer
permission_classes = [IsAuthenticated]
def get_queryset(self):
queryset = Project.objects.all()
organization = self.request.user.organization
query_set = queryset.filter(organization=organization)
return query_set
def perform_create(self, serializer):
self.permission_classes = [CanCreateProject] ## here
project = self.request.data["project_name"]
path = self.request.data["project_name"]
organization = self.request.data["organization"]
serializer.save(project_name=project, project_path=path, organization=organization)
How can I run the CanCreateProject
method only for perform_create method is requested.