Django REST Framework allows setting certain
permission_classes in order to control access to views.
HaystackGenericAPIView defaults to
rest_framework.permissions.AllowAny which enforce no
restrictions on the views. This can be overridden on a per-view basis as you would normally do in a regular
REST Framework APIView.
Since we have no Django model or queryset, the following permission classes are not supported:
DELETE are not supported since Haystack Views
are read-only. So if you are using the
, this will act just as the
Example overriding permission classes
... from rest_framework.permissions import IsAuthenticated class SearchViewSet(HaystackViewSet): ... permission_classes = [IsAuthenticated]