Kieran Kieran - 7 months ago 51
Python Question

Object permissions with read only access for anonymous users in Django Rest Framework

The problem

I am using Django REST Framework - and so far I have been using the

permissions class. I use
to determine which users have permissions for objects.

However, this permissions class seems to deny read access to anonymous users.

I need to find the best way to allow read-only access to all users (authenticated or not). For additions, modifications and deletions - the object permissions should be applied as normal.

What is the best approach to solving this problem? Django does not seem to provide a
permission by default.

Perhaps this will involve manually adding a
permission for each model. Or maybe it's better to somehow implement a
permissions class?


The fix was actually really simple. It's possible to create a custom permissions class extending DjangoObjectPermissions, and to override the authenticated_users_only variable.

class DjangoObjectPermissionsOrAnonReadOnly(DjangoObjectPermissions):
    authenticated_users_only = False