permission_classes in ListBulkCreateUpdateAPIView

[nguyenducthuanuet]

I have a permisson class like this

from rest_framework import status, permissions
class IsOwnerOrReadOnly(permissions.BasePermission):
    """
    Custom permission to only allow owners of an object to edit it.
    """

    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the owner of the snippet.
        return obj.user == request.user

and my ViewSet:

class CompanyView(ListBulkCreateUpdateAPIView):
     serializer_class = company_serializer.CompanySerializer
     permission_classes = (IsOwnerOrReadOnly,)

But When I make a POST/PUT request to insert or update many records, My ViewSet does not use Permission class to check permissions.
How to add permission classes to Bulk ViewSet ?

[mvduyn]

You should call self.check_object_permission() from the GenericAPIView class.
See the documentation: https://www.django-rest-framework.org/api-guide/generic-views/#genericapiview