HackSoftware / Django-Styleguide

Django styleguide used in HackSoft projects


Different endpoints for different permissions

HomaDev opened this issue · comments

Hi!
Do I have different endpoints for users with different permissions?
1 endpoint for each level of permissions?
Do you have best practices about what to put, and what not to put, in permission classes?

@HomaDev Hello 👋

Permissions are usually connected to the domain / business layer and you can handle them in the services.

Generally speaking, we differentiate between permissions like that:

  1. Framework-related permissions - "Is the user authenticated" - this is usually handled on the API level.
  2. Business-level permissions - "Can this particular user do this particular action?" - this is usually handled on the service layer.
  3. Now, if you have a more simplified case, where, for example, you have normal users & admin users & all admin users can do the same stuff, you can handle that straight on the API layer. I'd create an AdminApi base class, which I'll inherit at every place that I want this to be enforced.
  4. Now, if you have endpoints that behave differently based on the permission level - this should be handled on the service layer.

Cheers!
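
The layering described in the answer above, as an added example that is not part of the original thread or the styleguide's own code. It uses plain Python so it runs without Django; `User`, `INVOICES`, the service functions and the `*Api` classes are hypothetical stand-ins for a Django model, its data and DRF views.

```python
from dataclasses import dataclass

class NotAuthenticated(Exception): pass
class PermissionDenied(Exception): pass

@dataclass(frozen=True)
class User:  # hypothetical stand-in for the Django user model
    id: int
    is_authenticated: bool = True
    is_admin: bool = False

INVOICES = {1: 10, 2: 20}  # constructed sample data: invoice id -> owner id

# Service layer: business-level permissions (points 2 and 4).
def invoice_list(*, user):  # one service, result depends on permission level
    return sorted(i for i, owner in INVOICES.items() if user.is_admin or owner == user.id)

def invoice_get(*, user, invoice_id):
    # "Can this particular user do this particular action?"
    if not (user.is_admin or INVOICES[invoice_id] == user.id):
        raise PermissionDenied("not your invoice")
    return invoice_id

# API layer: framework-level permissions (points 1 and 3).
class AuthenticatedApi:
    def check(self, user):
        if not user.is_authenticated:
            raise NotAuthenticated()
    def dispatch(self, user, **kwargs):
        self.check(user)  # runs before any handler or service call
        return self.handle(user, **kwargs)

class AdminApi(AuthenticatedApi):
    def check(self, user):
        super().check(user)
        if not user.is_admin:
            raise PermissionDenied("admin only")

class InvoiceListApi(AuthenticatedApi):  # one endpoint for every permission level
    def handle(self, user):
        return invoice_list(user=user)

class InvoiceDetailApi(AuthenticatedApi):
    def handle(self, user, invoice_id):
        return invoice_get(user=user, invoice_id=invoice_id)

class AuditLogApi(AdminApi):  # admin-only endpoint inherits the check
    def handle(self, user):
        return sorted(INVOICES)
```

In a Django REST Framework project the `check` methods would normally be expressed as `permission_classes` on the base API classes, while the service functions keep the object-level rules.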

@RadoRado Thanks for the answer!

Closing this issue