Before I start, I have read the following tickets;
And I do agree with the outcome of these tickets. tldr;
I think it's close enough to be clear. We've not had the ticket raised before, and that class has been in place for a long time now.
We have a specific case where we only want super users to access a certain API node. We don't want "is_staff" users to access it, only "is_superusers". The fix for us at the moment is the following code;
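```python
from rest_framework.permissions import BasePermission


class IsSuperUser(BasePermission):
    """
    Allows access only to super users.
    """

    def has_permission(self, request, view):
        # is_staff alone is not enough; the user must have is_superuser set.
        return bool(request.user and request.user.is_superuser)
```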
This has clearly been copied from-

django-rest-framework/rest_framework/permissions.py, line 154 in 2ae8c11:

```python
class IsAdminUser(BasePermission):
```

- and modified.
Should a permission like this be included within the Django-Rest-Framework, or are we a special case?
Thank you :)