I am looking for a way to list only certain objects on which user has reader access.

I have looked at Django Documentation and implemented has_object_permission but that does't work for List View.

This is my my_permissions.py file

from rest_framework import permissions


ACCESS_LIST = ["1", "2", "3"] #This is for example this list will be based on user access
class IsUserAdmin(permissions.BasePermission):

    def has_object_permission(self, request, view, obj):
        user = request.session['samlUserdata']
        return obj.Number in ACCESS_LIST

This is my view file

from .models import DemoGroup
from .serializers import dmSerializer
from rest_framework.viewsets import ModelViewSet
from django.shortcuts import get_object_or_404
from rest_framework.views import APIView
from rest_framework import generics
from django.http import JsonResponse
from rest_framework.decorators import action
from rest_framework.response import Response
from rest_framework.permissions import BasePermission
from .my_permissions import IsUserAdmin




ACCESS_LIST = ["1", "2", "3"] #This is for example this list will be based on user access
class DemoViewSet(ModelViewSet):

    permission_classes = (IsUserAdmin,)
    serializer_class = dmSerializer
    queryset = DemoGroup.objects.all()

    # Overriding List View
    def list(self, request):
        user = self.request.session['samlUserdata']
        queryset = DemoGroup.objects.filter(Number__in=ACCESS_LIST)
        serializer = dmSerializer(queryset, many=True)
        return Response(serializer.data)




Currently I am able to filter List View with queryset but I want to explore if there is other efficient method which Django Rest Frameworks provides like permissions which can be leveraged to tackle this issue.