I'm using Djoser and I need only admins to be able to register new users.
I set in global settings this permission classes:
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
],
so admins can edit, users can see, others can nothing.
But this rule doesn't share on the Djoser registration module which is on POST auth/users. How to setup special permission rule for it?
Solved: in DJOSER settings is PERMISSIONS field which allows to setting some user actions - more info here