This permission class is intended for use with either of the OAuthAuthentication and OAuth2Authentication classes, and ties into the scoping that their backends provide.

Requests with a safe methods of GET, OPTIONS or HEAD will be allowed if the authenticated token has read permission.

Requests for POST, PUT, PATCH and DELETE will be allowed if the authenticated token has write permission.

This permission class relies on the implementations of the django-oauth-plus and django-oauth2-provider libraries, which both provide limited support for controlling the scope of access tokens:

If you require more advanced scoping for your API, such as restricting tokens to accessing a subset of functionality of your API then you will need to provide a custom permission class. See the source of the django-oauth-plus or django-oauth2-provider package for more details on scoping token access.