From 35025adef8e12e1741e4897e47cec56e1e372edd Mon Sep 17 00:00:00 2001
From: Rasheed Azeez <41340380+RashA07@users.noreply.github.com>
Date: Wed, 17 Feb 2021 19:30:28 +0800
Subject: [PATCH] Update perms_map in DjangoModelPermissions and
 DjangoObjectPermissions

Django permissions allows for 'view_modelname'. When users have view_modelname permission, these permission classes don't recognize it and reject access to the user.

My specific case was assigning customers to a group with the group having specific permissions allowed from the model permissions. Made this edit in an extension of DjangoModelPermissions to make it work. Thought it would be useful to have inherently.
---
 rest_framework/permissions.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py
index 3a8c58064..f376ce837 100644
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@@ -175,7 +175,7 @@ class DjangoModelPermissions(BasePermission):
     # Override this if you need to also provide 'view' permissions,
     # or if you want to provide custom permission codes.
     perms_map = {
-        'GET': [],
+        'GET': ['%(app_label)s.view_%(model_name)s'],
         'OPTIONS': [],
         'HEAD': [],
         'POST': ['%(app_label)s.add_%(model_name)s'],
@@ -252,7 +252,7 @@ class DjangoObjectPermissions(DjangoModelPermissions):
     provide a `.queryset` attribute.
     """
     perms_map = {
-        'GET': [],
+        'GET': ['%(app_label)s.view_%(model_name)s'],
         'OPTIONS': [],
         'HEAD': [],
         'POST': ['%(app_label)s.add_%(model_name)s'],