DRF Allow post put only to superuser

Django -- Posted on Sept. 12, 2024

DRF allow post put only to superuser

              
                from rest_framework.permissions import BasePermission, SAFE_METHODS

class IsSuperUserForWrite(BasePermission):
    """
    Custom permission to only allow superusers to perform POST and PUT requests.
    """
    
    def has_permission(self, request, view):
        # Allow all users to perform SAFE_METHODS (GET, HEAD, OPTIONS)
        if request.method in SAFE_METHODS:
            return True
        
        # Allow only superusers for POST and PUT methods
        if request.method in ['POST', 'PUT']:
            return request.user and request.user.is_superuser
        
        # Allow all other methods (e.g., DELETE) based on other logic if necessary
        return True

Related Posts

Add multiple content to static page
Add multiple content to static page
django form invalid mixin
django form invalid mixin
django bootstrap4 form snippets
django bootstrap4 form snippets
Django json decimal encoder
Django json decimal encoder
django delete model function
django delete model function
Django custom simple tags
Django custom simple tags