Django REST field level costume permissions in a ViewSet

Question

I'd like to validate whether users have permission to update a "shared_with" field , right now I'm doing it with a direct call to .has_perm, but this seems to not scalable, anyone know what's the best practice in this case?

views.py:

class MyViewSet(viewsets.ModelViewSet):
    @staticmethod
    def _check_sharing_permission(request: Request):
        if request.data.get('shared_with') and not 
        request.user.has_perm(CAN_SHARE_PERMISSION_CODENAME):
            raise PermissionDenied('you shall not pass!')

    def update(self, request, *args, **kwargs):
        self._check_sharing_permission(request)
        return super().update(request, *args, **kwargs)

Found the answer in this thread, no need to use has_perm the intermidiet table can be referenced: — NOOBAF, Jan 08 '21 at 06:44

score 0 · Answer 1 · answered Jan 08 '21 at 06:45

0

Found the answer here: How do I access the properties of a many-to-many "through" table from a django template?

No need to use has_perm The intermediate table can be referenced in such cases

answered Jan 08 '21 at 06:45

NOOBAF

125
1
2
10

Django REST field level costume permissions in a ViewSet

1 Answers1