REST_FRAMEWORK = {
    ...
    # Project-wide default policy: it applies to every view that does not
    # declare its own permission_classes. Without this key DRF falls back to
    # AllowAny, so setting IsAuthenticated here makes views closed by default.
    # A view-level permission_classes REPLACES this list (it is not merged),
    # so each override should be reviewed as an explicit exception.
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
from rest_framework.permissions import IsAuthenticatedOrReadOnly
...
class PersonViewSet(viewsets.ModelViewSet):
    """CRUD endpoints for Person, readable by anyone and writable after login.

    Setting permission_classes on the view replaces the project-wide
    DEFAULT_PERMISSION_CLASSES for this view only.
    """

    # IsAuthenticatedOrReadOnly: safe methods (GET, HEAD, OPTIONS) are open to
    # anonymous clients; every other method needs an authenticated user.
    # There is no ownership check, so any logged-in user can create, update
    # or delete any Person served by this viewset.
    permission_classes = (IsAuthenticatedOrReadOnly,)

    # Anonymous readers receive whatever fields this serializer emits.
    # NOTE(review): PersonSerializer is not shown here; confirm it exposes
    # nothing that should stay private.
    serializer_class = PersonSerializer

    # Unfiltered: every Person row is reachable through list and detail.
    queryset = Person.objects.all()
from rest_framework import permissions
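class PersonOrReadOnly(permissions.BasePermission):
    """Allow read-only access to anyone; restrict writes to the owning user.

    DRF evaluates has_permission() for every request and calls
    has_object_permission() only afterwards, and only when the view invokes
    check_object_permissions() (the generic views do this inside
    get_object()). List responses are therefore not filtered per object, and
    any view or custom action that fetches an object by hand must call
    self.check_object_permissions(request, obj) itself.
    """

    def has_permission(self, request, view):
        """Return True for safe methods, otherwise require a logged-in user."""
        if request.method in permissions.SAFE_METHODS:
            return True
        # request.user is None when UNAUTHENTICATED_USER is set to None;
        # guard against that instead of raising AttributeError, as DRF's own
        # IsAuthenticated does.
        return bool(request.user and request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        """Return True for safe methods, otherwise only for the object's user.

        The original compared ownership for every method, which rejected
        detail reads that has_permission() had just allowed and contradicted
        the "OrReadOnly" contract. Writes (PUT, PATCH, DELETE) stay limited to
        the matching user.
        """
        if request.method in permissions.SAFE_METHODS:
            return True
        # NOTE(review): assumes the model has a `person` attribute that holds
        # the owning user; confirm against the model served by the view.
        return obj.person == request.user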
from .permissions import PersonOrReadOnly
class PersonViewSet(viewsets.ModelViewSet):
queryset = Person.objects.all()
serializer_class = PersonSerializer
permission_classes = (PersonOrReadOnly,