Skip to content

Discussion: Include a IsSuperUser within the permissions.py #9745

Description

@robotichead

Before I start, I have read the following tickets;

And I do agree with the outcome of these tickets. tldr;

I think it's close enough to be clear. We've not had the ticket raised before, and that class has been in place for a long time now.

We have a specific case where we only want super users to access a certain API node. We don't want "is_staff" users to access it, only "is_superusers". The fix for us at the moment is the following code;

class IsSuperUser(BasePermission):
    """
    Allows access only to super users.
    """

    def has_permission(self, request, view):
        return bool(request.user and request.user.is_superuser)

This has clearly been copied from-

class IsAdminUser(BasePermission):
- and modified.

Should a permission like this be included within the Django-Rest-Framework, or are we a special case?

Thank you :)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions