I’ve got an endpoint built with Django Rest Framework, to which I now want to add permissions so that only users belonging to a certain group can access an endpoint. So I’m using token based access and inspired by this example I’m trying to use the following code:
class ReadPermission(BasePermission): def has_permission(self, request, view): return request.user.groups.filter(name=settings.GROUP_POST_DATA).exists() class MyEndpoint(mixins.ListModelMixin, viewsets.GenericViewSet): permission_classes = [IsAuthenticated, ReadPermission] http_method_names = ['get'] # etc
But unfortunately I get anAttributeError: 'User' object has no attribute 'groups'
Why doesn’t the user object have groups?
Advertisement
Answer
Seems like you’re not using or inheriting from the default Django User
model (or the AbstractUser
) from django.contrib.auth.models
, which have the ManyToMany relationship to Groups
.
If you’re using some custom User
model you can simply add the PermissionsMixin
from the aforementioned module to inheritance (see docs). And also make sure that django.contrib.auth
is in your INSTALLED_APPS
setting.