Default Permissions #8652
Description
Issue:
When you set new permission classes via the class attribute or decorators you're telling the view to ignore the default list set in the settings.py file.
This is an entry from the documentation
There are times when you have a lot of default settings, but you want to add additional permissions to a certain endpoint, then you have to re-write each class from the default setting. Because of this, problems arise, you cannot replace the permission in one place with any other, you will have to go through each ViewSet where there are custom permissions and change it there.
Solution:
I suggest adding to rest_framework.permissions a DefaultPermission class which will enforce all specified classes in api_settings.DEFAULT_PERMISSION_CLASSES
I can create a Pull Request, I have a small DefaultPermission class that enforces all default permissions.