The permissions module bundles a set of permission classes that are used
for checking if a request passes a certain set of constraints. You can assign a permission
class to your view by setting your View’s permissions class attribute.
-
class permissions.BasePermission(view)[source]
A base class from which all permission classes should inherit.
-
check_permission(auth)[source]
Should simply return, or raise an response.ErrorResponse.
-
class permissions.FullAnonAccess(view)[source]
Allows full access.
-
class permissions.IsAuthenticated(view)[source]
Allows access only to authenticated users.
-
class permissions.IsAdminUser(view)[source]
Allows access only to admin users.
-
class permissions.IsUserOrIsAnonReadOnly(view)[source]
The request is authenticated as a user, or is a read-only request.
-
class permissions.PerUserThrottling(view)[source]
Limits the rate of API calls that may be made by a given user.
The user id will be used as a unique identifier if the user is
authenticated. For anonymous requests, the IP address of the client will
be used.
-
class permissions.PerViewThrottling(view)[source]
Limits the rate of API calls that may be used on a given view.
The class name of the view is used as a unique identifier to
throttle against.
-
class permissions.PerResourceThrottling(view)[source]
Limits the rate of API calls that may be used against all views on
a given resource.
The class name of the resource is used as a unique identifier to
throttle against.