Django - DRF Advanced Features
You want to create a custom permission that allows access only if the user is authenticated and is the owner of the object. Which is the correct way to combine built-in and custom permissions in DRF?
You want to create a custom permission that allows access only if the user is authenticated and is the owner of the object. Which is the correct way to combine built-in and custom permissions in DRF?
hard📝 Application Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Understand combining permissions in DRF
DRF checks all permissions in the list; all must allow access.Step 2: Check how to combine authentication and ownership
Use IsAuthenticated to check login, and IsOwner to check object ownership via has_object_permission.Step 3: Evaluate options
Set permission_classes = [IsAuthenticated, IsOwner] and implement has_object_permission in IsOwner correctly combines both permissions. Set permission_classes = [IsOwner] only and check authentication inside IsOwner misses separate authentication check. Set permission_classes = [IsAuthenticatedOrReadOnly, IsOwner] and override has_permission in IsOwner mixes permission types incorrectly. Set permission_classes = [IsAuthenticated()] and call IsOwner manually in the view uses instance and manual calls, which is not standard.Final Answer:
Set permission_classes = [IsAuthenticated, IsOwner] and implement has_object_permission in IsOwner -> Option CQuick Check:
Combine permissions in list for layered checks [OK]
Quick Trick: List all needed permissions in permission_classes [OK]
Common Mistakes:
MISTAKES- Skipping IsAuthenticated when ownership matters
- Using instances instead of classes
- Trying to call permissions manually
Master "DRF Advanced Features" in Django
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Django Quizzes