Use view permission for GET requests in DRF

cmsmanage/drf_permissions.py

@@ -0,0 +1,10 @@
+import copy
+
+from rest_framework.permissions import DjangoModelPermissions
+
+
+class DjangoModelPermissionsWithView(DjangoModelPermissions):
+    def __init__(self):
+        super().__init__()
+        self.perms_map = copy.deepcopy(self.perms_map)
+        self.perms_map["GET"] = ["%(app_label)s.view_%(model_name)s"]

cmsmanage/settings/base.py

@@ -100,7 +100,9 @@ WIKI_URL = "https://wiki.claremontmakerspace.org"
 # Django Rest Framework
 REST_FRAMEWORK = {
     # Use Django's standard `django.contrib.auth` permissions
-    "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.DjangoModelPermissions"],
+    "DEFAULT_PERMISSION_CLASSES": [
+        "cmsmanage.drf_permissions.DjangoModelPermissionsWithView"
+    ],
     "DEFAULT_AUTHENTICATION_CLASSES": [
         "rest_framework.authentication.SessionAuthentication",
         "rest_framework.authentication.TokenAuthentication",