Закончилось создание собственного настраиваемого DjangoModelPermissions без проверки набора запросов для получения модели, а создания нескольких дочерних классов для каждой указанной c модели.
from rest_framework import permissions
from django.apps import apps
class BaseCustomModelPermissions(permissions.BasePermission):
model_cls = None
perms_map = {
'GET': [],
'OPTIONS': [],
'HEAD': [],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
authenticated_users_only = True
def get_required_permissions(self, method):
"""
Given a model and an HTTP method, return the list of permission
codes that the user is required to have.
"""
kwargs = {
'app_label': self.model_cls._meta.app_label,
'model_name': self.model_cls._meta.model_name
}
if method not in self.perms_map:
raise exceptions.MethodNotAllowed(method)
return [perm % kwargs for perm in self.perms_map[method]]
def has_permission(self, request, view):
# Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter.
if getattr(view, '_ignore_model_permissions', False):
return True
if not request.user or (
not request.user.is_authenticated and self.authenticated_users_only):
return False
perms = self.get_required_permissions(request.method)
return request.user.has_perms(perms)
Пример дочернего класса:
class SomeModelPermissions(BaseCustomModelPermissions):
model_cls = apps.get_model('my_app', 'its_Model')