Using a permission class on a detail route

Question

How can I only apply a permission class to a detail route?

class EventViewSet(viewsets.ModelViewSet):

    @detail_route(methods=[\'post\'])
    def messages(sel         


        

Answer 1

If you have a problem with permissions_classes in your custom actions in the ViewSet, try to use this decorator on your action. Probably the newest Django Rest Framework is not looking at permissions. Solution for this situation is to check it by yourself at the beggining of every custom action or to use following decorator:

def check_permissions(fun):
    def ref(self, request, pk=None):
        obj = get_object_or_404(self.get_queryset(), pk=pk)
        self.check_object_permissions(self.request, obj)

        return fun(self, request, pk)

    return ref

Answer 2

Update-1

From DRF 3.8 onwards, detail_route decorator has replaced with action decorator.

class EventViewSet(viewsets.ModelViewSet):
    @action(permission_classes=[permissions.PermissionClass_], methods=['post'])
    def messages(self, request, pk=None):
        # your view code

Original post

You can add permissions basically by doing this:

class EventViewSet(viewsets.ModelViewSet):
    @detail_route(
        permission_classes=[
            permissions.PermissionClass_],
        methods=['post'])
    def messages(self, request, pk=None):
        ### Check a permissions class.
        ...

Answer 3

in django rest 3.8 detail route is deprecated in favor of action route so now it would look something like this.

from rest_framework.decorators import api_view, permission_classes

class EventViewSet(viewsets.ModelViewSet):

    @action(
        methods=['post'],
        detail=True,
        permission_classes=[YourPermission]
        url_path='messages')
    def messages(self, request, pk=None):
        return Response("200", status=200)