How to get OR permissions instead of AND in REST framework
It seems that permission classes are ANDed when REST framework checks permissions. That is every permission class needs to return True for permission to be granted. This makes t
-
You need to build your own custom http://www.django-rest-framework.org/api-guide/permissions/#custom-permissions as described in the docs.
Something like:
from rest_framework import permissions class IsAdminOrStaff(permissions.BasePermission): message = 'None of permissions requirements fulfilled.' def has_permission(self, request, view): return request.user.is_admin() or request.user.is_staff()Then in your view:
permission_classes = (IsAdminOrStaff,)
加载中...
- 热议问题