Kieran Kieran - 3 months ago 19
Python Question

Object permissions with read only access for anonymous users in Django Rest Framework

The problem

I am using Django REST Framework - and so far I have been using the

DjangoObjectPermissions
permissions class. I use
django-rules
to determine which users have permissions for objects.

However, this permissions class seems to deny read access to anonymous users.

I need to find the best way to allow read-only access to all users (authenticated or not). For additions, modifications and deletions - the object permissions should be applied as normal.

What is the best approach to solving this problem? Django does not seem to provide a
can_view
permission by default.

Perhaps this will involve manually adding a
can_view
permission for each model. Or maybe it's better to somehow implement a
DjangoObjectPermissionsOrAnonReadOnly
permissions class?

Answer

The fix was actually really simple. It's possible to create a custom permissions class extending DjangoObjectPermissions, and to override the authenticated_users_only variable.

class DjangoObjectPermissionsOrAnonReadOnly(DjangoObjectPermissions):
    authenticated_users_only = False