The problem
I am using Django REST Framework - and so far I have been using the DjangoObjectPermissions permissions class. I use django-rules to determine which users have permissions for objects.
However, this permissions class seems to deny read access to anonymous users.
I need to find the best way to allow read-only access to all users (authenticated or not). For additions, modifications and deletions - the object permissions should be applied as normal.
What is the best approach to solving this problem? Django does not seem to provide a can_view permission by default.
Perhaps this will involve manually adding a can_view permission for each model. Or maybe it's better to somehow implement a DjangoObjectPermissionsOrAnonReadOnly permissions class?
The fix was actually really simple. It's possible to create a custom permissions class extending DjangoObjectPermissions, and to override the authenticated_users_only variable.
class DjangoObjectPermissionsOrAnonReadOnly(DjangoObjectPermissions):
authenticated_users_only = False