...
The following attributes can be used to specify the list of required permissions (split by HTTP operation):
permissions_get
permissions_post
permissions_put
permissions_patch
permissions_delete
For instance, to execute GET on the Patient endpoint (OpenIMIS Insuree model) user needs to have the following permission:
insuree.view_insurees
...
The mentioned FHIRApiPermissions class is injected to FHIR API views using the permissionthe permission_classes attribute.