DRF Allow post put only to superuser

Django -- Posted on Sept. 12, 2024

DRF allow post put only to superuser

              
                from rest_framework.permissions import BasePermission, SAFE_METHODS

class IsSuperUserForWrite(BasePermission):
    """
    Custom permission to only allow superusers to perform POST and PUT requests.
    """
    
    def has_permission(self, request, view):
        # Allow all users to perform SAFE_METHODS (GET, HEAD, OPTIONS)
        if request.method in SAFE_METHODS:
            return True
        
        # Allow only superusers for POST and PUT methods
        if request.method in ['POST', 'PUT']:
            return request.user and request.user.is_superuser
        
        # Allow all other methods (e.g., DELETE) based on other logic if necessary
        return True

Related Posts

Django Ajax Mixin helpers
Django Ajax Mixin helpers
Django template tag to return model form model name as string
Django template tag to return model form model name as string
Django dynamic form class
Django dynamic form class
Create django groups with management command
Create django groups with management command
Django Timestamped Model
Django Timestamped Model
Basic celery.py django
Basic celery.py django