How to write permissions in a viewset with conditional statements in DRF?

Question

I have a viewset written in DRF:

class MyViewSet(ModelViewSet):
    serializer_class = MySerializer
    queryset = models.MyClass.objects.all()

    def get_serializer_class(self):
        permission = self.request.user.permission
        if permission=='owner' or permission=='admin': 
            return self.serializer_class
        else:
            return OtherSerializer

    def perform_create(self, serializer):
        permission = self.request.user.permission
        if permission=='owner' or permission=='admin': 
            serializer.save() 

        else:
            employee = models.Employee.objects.get(user=self.request.user)
            serializer.save(employee=employee)

Here, I am using the following statements in both get_serializer_class and perform_create which looks like a repetitive code:

permission = self.request.user.permission
        if permission=='owner' or permission=='admin':

Is there any way to write it once and then use it as a permission_class somehow?

score 0 · Answer 1 · answered Jan 23 '23 at 08:27

Create a Custom Permission class https://www.django-rest-framework.org/api-guide/permissions/#custom-permissions

from rest_framework.permissions import BasePermission, SAFE_METHODS
    class CustomPermission(BasePermission):
        def has_permission(self, request, view):
            if request.method in SAFE_METHODS:
                return True
            permission = self.request.user.permission
            if permission=='owner' or permission=='admin': 
                return True
            return False

in Views.py

class MyViewSet(ModelViewSet):
    serializer_class = MySerializer
    queryset = models.MyClass.objects.all()
    permission_classes = (CustomPermission,)

How different serializers will be called on the basis of permission criteria inside get_serializer_class if I apply permission like this in ModelViewSet? — Waleed Farrukh, Jan 23 '23 at 20:37
If logged in user is owner or admin, self.serializer has to be called, otherwise OtherSerializer will be called. — Waleed Farrukh, Jan 23 '23 at 20:40

How to write permissions in a viewset with conditional statements in DRF?

1 Answers1