In my code, I have the following view:

    class PointCountDetails(generics.RetrieveDestroyAPIView):
        serializer_class = PointCountSerializer
        permission_classes = [IsSuperUserOrSafeOnly]

The permission looks as follows:
The problem is that when I surf the API as a non-admin user, the user is allowed to delete the instance of pointcount that is attached to their id. Why is that, if the permission doesn’t allow them to delete?