Adding Permissions

Understand the concepts of authentication and authorization and add custom permissions for managing user access and actions in the project.

We'll cover the following

Writing permissions

If authentication is the action of verifying the identity of a user, authorization is simply the action of checking whether the user has the rights or privileges to perform an action.

In our project, we have three types of users:

The anonymous user: This user has no account on the API and can’t really be identified.
The registered and active user: This user has an account on the API and can easily perform some actions.
The admin user: This user has all rights and privileges.

We want anonymous users to be able to read the posts on the API without necessarily being authenticated. While it’s true that there is the AllowAny permission, it’ll surely conflict with the IsAuthenticated permission.

Writing permissions

Therefore, we need to write a custom permission.

Inside the authentication directory, create a file called permissions and add the following content:

Get hands-on with 1200+ tech skills courses.

Getting Started

Creating a Django Project

Authentication and Authorization Using JWTs

Social Media Post Management

Adding Comments to Social Media Posts

Testing the REST API

Creating a Project with React

Building Login and Registration Forms

Social Media Posts

Post Comments

User Profiles

Effective UI Testing for React Components

Deployment Basics—Git, GitHub, and AWS

Dockerizing the Django Project

Automating Deployment on AWS

Deploying Our React App on AWS

Performance, Optimization, and Security

Conclusion

Appendix

Adding Permissions

Writing permissions