Django REST Framework viewset per-action permissions

Question

Is there a best practice to assign a different permission to each action of a given APIView or ViewSet?

Let\'s suppose I defined some permis

Answer 1

You can create a custom permission class extending DRF's BasePermission.

You implement has_permission where you have access to the request and view objects. You can check request.user for the appropriate role and return True/False as appropriate.

Have a look at the provided IsAuthenticatedOrReadOnly class (and others) for a good example of how easy it is.

I hope that helps.