reading-notes

Permissions & Postgresql

SOURCES

VIDEOS

ARTICLES

DRF Permissions Review SQL Prework

NOTES

• Permissions are a way to control access to a resource
• permissions define wether a request is allowed or not
• permissions in rest framework are always defined as a list of permission classes
• the errors for permissions failing are 403 forbidden and 401 unauthorized
• API references:
  • AllowAny:
    • allows unrestricted access, regardless of if the request was authenticated or unauthenticated
    • default permission class
  • isAuthenticated:
    • allows access only to authenticated users
  • isadminuser:
    • allows access only to admin users
  • isauthenticatedorreadonly:
    • allows access to authenticated users and read-only requests
  • djangoModelPermissions:
    • allows access according to user permissions assigned to the user model
  • djangoModelPermissionsOrAnonReadOnly:
    • allows access according to user permissions assigned to the user model and read-only requests
  • djangoObjectPermissions:
    • allows access according to user permissions assigned to the user model