id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 27950 Permission classes for Class Based Views Piotr Szpetkowski Sandeep Pal "I would like to propose to add support for permission classes for generic views (CBV) to make it simpler to add custom requirements per specific view. Syntax could be based on what is done inside DRF at the moment, so setting it up at the view level it would be very simple and convenient: {{{#!python class CustomView(View): permission_classes = (IsAuthenticated, IsReadOnly) }}} That would evaluate to `IsAuthenticated AND IsReadOnly`. I'm not entirely sure however what syntax should support `IsAuthenticated OR IsReadOnly`. One of possible ways is to write one permission class for both conditions called `IsAuthenticatedOrReadOnly` (it's the way DRF is doing it), however it does not sound like the best solution. I suppose that a proper (but not 100% pythonic) way to handle such cases would be to override some operators (e.g. bitwise or - that's what `Q` object does): {{{#!python class CustomView(View): permission_classes = (IsAuthenticated | IsReadOnly,) }}} I suppose that it would be nice to be able to provide list for `permission_classes` as well if anyone would like to do so: {{{#!python class CustomView(View): permission_classes = [IsAuthenticated] }}} In case of not meeting requirements of `permission_classes` it might simply return 403 Forbidden response (with a possibility to provide custom template and maybe also completely override the behavior method?) Thanks to OOP custom permission classes might and should be very simple (just like in DRF): {{{#!python class IsAuthenticated(BasePermission): def has_permission(self, request, view): return request.user and request.user.is_authenticated }}} It's true that similar behavior can be achieved using decorators, however in my opinion decorator syntax is more complicated than a single class attribute. Let's keep in mind that simple is better than complex. I'd gladly start working on it if it turns out to be a good idea. In fact - I've done something alike I've described in here for one of commercial projects and it works great." New feature assigned Generic views dev Normal permissions, view, cbv Someday/Maybe 0 0 0 0 0 0