My problem or question is how to use the permissions assigned to users, whether they are group or individual permissions, so that when a user logs in using the Django Rest Framework, they only have access to the tables to which they have assigned permissions.
Currently if I log in I have access to all the tables, be it the admin user or any other. If you can give me an example, or show me a link where it is exemplified, it would be very helpful.
I leave the repository link on github https://github.com/Weed-Nim/BillAPI.git
For programming use the serializer and viewsets in each of the apps
Here I put pictures of the code:
PD: above is the repository, I only put a quick view of how I work it, although I repeat my doubt is how can I do it so that when a user logs in he only has access to the tables which he has permissions (individual or group) and it does not happen the image thing. Thanks in advance.
In the Django Rest Framework, there are several methods of dealing with permissions. At the basic level, you add the attribute
permission_classesto classes that inherit fromAPIViewto include access permissions. The types of permissions this attribute receives are inrest_framework.permissionsThere is another more advanced way to approach permissions and that is by creating permission classes that inherit from the Rest Framework base class (
rest_framework.permissions.BasePermission). In this case you can do something like: