permissions DjangoModel not applied

[mimo1612]

Hi,

I'm using rest_framework_simplejwt.authentication.JWTAuthentication in Django. Some users have limited access in the admin panel (Not POST) With Postman when I'm connecting with Auth Basic, it works. But, with Bearer Token, permissions are not applied. I think simplejwt overwrites the Django permissions.

[Andrew-Chen-Wang]

If you're talking about the views/urls we provide, yes. We disable all permissions on those token views.

https://github.com/jazzband/djangorestframework-simplejwt/blob/1c7f0051178a826390262c68557b69eeeeec71aa/rest_framework_simplejwt/views.py#L10-L11

Now if you're talking about your own views, then you'll need to provide more info. Custom urls? Overridden serializers? Overridden views? What permissions are you using? Are you sure you're actually authenticated to begin with? Did you set authentication inside permission by accident? etc. need reproducing case

[sebpeterson]

I have the same issue.

In settings.py

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ],
    'DEFAULT_PERMISSION_CLASSES': [
       'rest_framework.permissions.DjangoModelPermissions',
    ],
}

views.py

class ToolViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows Tools to be viewed or edited.
    """
    permission_classes = [DjangoModelPermissions]

    queryset = Tool.objects.all()
    serializer_class = ToolSerializer

Authenticated user that has no "permission groups" attached can CRUD ToolViewSet Going crazy with this one... making SimpleJWT unusable for me. Will try to post code and open a bug.

[pckrishnadas88]

same issue still there anyone found any solutions so far?