From d1d7161fd7a18ed46c1b53de77e7042f6a9e9b3d Mon Sep 17 00:00:00 2001 From: Adam Goldsmith Date: Sat, 24 Dec 2022 14:21:25 -0500 Subject: [PATCH] Use view permission for GET requests in DRF --- cmsmanage/drf_permissions.py | 10 ++++++++++ cmsmanage/settings/base.py | 4 +++- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 cmsmanage/drf_permissions.py diff --git a/cmsmanage/drf_permissions.py b/cmsmanage/drf_permissions.py new file mode 100644 index 0000000..7c4fec1 --- /dev/null +++ b/cmsmanage/drf_permissions.py @@ -0,0 +1,10 @@ +import copy + +from rest_framework.permissions import DjangoModelPermissions + + +class DjangoModelPermissionsWithView(DjangoModelPermissions): + def __init__(self): + super().__init__() + self.perms_map = copy.deepcopy(self.perms_map) + self.perms_map["GET"] = ["%(app_label)s.view_%(model_name)s"] diff --git a/cmsmanage/settings/base.py b/cmsmanage/settings/base.py index 3fe3bd0..fcae944 100644 --- a/cmsmanage/settings/base.py +++ b/cmsmanage/settings/base.py @@ -100,7 +100,9 @@ WIKI_URL = "https://wiki.claremontmakerspace.org" # Django Rest Framework REST_FRAMEWORK = { # Use Django's standard `django.contrib.auth` permissions - "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.DjangoModelPermissions"], + "DEFAULT_PERMISSION_CLASSES": [ + "cmsmanage.drf_permissions.DjangoModelPermissionsWithView" + ], "DEFAULT_AUTHENTICATION_CLASSES": [ "rest_framework.authentication.SessionAuthentication", "rest_framework.authentication.TokenAuthentication",