I am looking for a way to list only certain objects on which user has reader access.
I have looked at Django Documentation and implemented has_object_permission but that does't work for List View.
This is my my_permissions.py file
from rest_framework import permissions ACCESS_LIST = ["1", "2", "3"] #This is for example this list will be based on user access class IsUserAdmin(permissions.BasePermission): def has_object_permission(self, request, view, obj): user = request.session['samlUserdata'] return obj.Number in ACCESS_LIST
This is my view file
from .models import DemoGroup from .serializers import dmSerializer from rest_framework.viewsets import ModelViewSet from django.shortcuts import get_object_or_404 from rest_framework.views import APIView from rest_framework import generics from django.http import JsonResponse from rest_framework.decorators import action from rest_framework.response import Response from rest_framework.permissions import BasePermission from .my_permissions import IsUserAdmin ACCESS_LIST = ["1", "2", "3"] #This is for example this list will be based on user access class DemoViewSet(ModelViewSet): permission_classes = (IsUserAdmin,) serializer_class = dmSerializer queryset = DemoGroup.objects.all() # Overriding List View def list(self, request): user = self.request.session['samlUserdata'] queryset = DemoGroup.objects.filter(Number__in=ACCESS_LIST) serializer = dmSerializer(queryset, many=True) return Response(serializer.data)
Currently I am able to filter List View with queryset but I want to explore if there is other efficient method which Django Rest Frameworks provides like permissions which can be leveraged to tackle this issue.