Django REST Framework viewset per-action permissions

Question

Is there a best practice to assign a different permission to each action of a given APIView or ViewSet?

Let\'s suppose I defined some permis

Answer 1

Django has a persmissions class called DjangoObjectPermissions which uses Django Guardian as an authentication backend.

When you have Django guardian active in your settings you just add permission_classes = [DjandoObjectPermissions] to your view and it does permission authentication automatically, so you can 'CRUD' based on the permission set to a particular django.contrib.auth group or user.

See a gist with an example.

You can set Django Guardian as your authentication backed http://django-guardian.readthedocs.org/en/latest/installation.html