I'm using DRF and NextJS(app router) to build an application with a search feature that saves the authenticated user's search history. The search history is their search terms with a timestamp and ...

I have created a viewset for authentication. Since this is the authentication viewset, I want this viewset to be accessible to unauthorized users as well. Following DRF documentation, this is what I ...

I have a class based APIVIEW and I want to prevent a normal user (isstaff=false, is_superuser=false) from creating a customer. class CustomerPageView(APIView): # permission_required = 'api....

I'm starting to write tests for my endpoint, "categories/", and I can't get past a custom permission that I have added to the view that is being tested. In this permission, it checks the ...

I have a Django REST framework viewset with multiple actions such as list, create, and more. When I send a GET request, I noticed that some actions are executed multiple times, and the action is ...

I have a Django REST_framework api and I have a UserViewSet class. For this view set I would like that anyone reaching the url can use the post method of the Viewset but cannot see all the users ...

I'm building an API using Django Rest Framework (DRF) and I'm facing an issue with rate limiting. Specifically, I need to set different rate limits for different types of users: Staff members: 1000 ...

I have a model with field instances and have views. Can i make so that when you redirect to to main page you can see only ID, title, deadline, done? But when you redirect to the detail page you can ...

In this code, only the author of the post can edit his post. How can it also be made so that each author can see only his posts? from rest_framework import permissions class IsAuthorOrReadOnly(...

I've got a tiny function that just looks to get a response from my DRF API Endpoint. My DRF settings look like this: "DEFAULT_AUTHENTICATION_CLASSES": [ # Enabling this it will ...

I am confused with the BasePermission in Django-rest-framework. Here I defined a class: IsAuthenticatedAndOwner. class IsAuthenticatedAndOwner(BasePermission): message = 'You must be the owner of ...

I am using Django REST Framework to access a resource 'user'. As user information is personal, I do not want a GET request to list every user on the system, UNLESS they are an admin. If the user ...