Django REST framework object level permissions

Question

I am using Django REST Framework to access a resource \'user\'.

As user information is personal, I do not want a GET request to list every user on the system, UNLESS the

Answer 1

This is a clarification on overriding the has_object_permission() method. Returning False wouldn't work as intended when using complex permissions. Refer to this issue for more details https://github.com/encode/django-rest-framework/issues/7117