request.user.is_superuser and request.user.is_staff are False #807

Closed
fegamon opened this issue May 14, 2024 · 3 comments

fegamon commented May 14, 2024

My DRF settings are:

```python
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTStatelessUserAuthentication',
    ),
    # ...
}
```

I have an admin user. If I view the information in the admin panel, the user really is superuser and staff, but if I look for the user's information in the request object, is_superuser and is_staff are False. I really need the superuser information taken from the request, because I'm filtering data by user:

Django filter set:

```python
from django_filters import rest_framework as filters

from . import models  # the app's models module (assumed import path)


class CustomFilterSet(filters.FilterSet):
    user = filters.CharFilter(field_name='user__username')

    class Meta:
        model = models.MyModel
        fields = '__all__'

    def __init__(self, data=None, queryset=None, *, request=None, prefix=None):
        super().__init__(data, queryset, request=request, prefix=prefix)
        user = self.request.user
        # Non-superusers only see their own rows.
        if user and not user.is_superuser:
            self.queryset = self.queryset.filter(user=user.id)
```

I'm using version 5.3.1 of simplejwt.


fegamon commented May 15, 2024

The solution that I found was getting the user's pk from the request and then getting the user from the User model:

```python
user = User.objects.get(id=request.user.pk)
```

And with that user I can implement what I want.
But I don't know if that is efficient, because I think that the library is getting the request.user info from the database and then I query the db again.

@confuzeus

JWTStatelessUserAuthentication returns a TokenUser instead of the actual User from the database.

You can customize the token claims to add is_superuser and is_staff, which will then be present on the TokenUser instance.
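
An added example, not part of the thread and not simplejwt's code: a standard-library model of what the reply above describes, where a stateless user object is built only from signed token claims, so the flags read False unless they were copied into the token when it was issued. `issue_token`, `StatelessUser`, `tamper_payload` and the signing key are hypothetical names constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed signing key, example only


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()


def issue_token(user, include_flags):
    """Sign an HS256 JWT, optionally copying the privilege flags into it."""
    claims = {"user_id": user["id"]}
    if include_flags:
        claims.update(is_staff=user["is_staff"], is_superuser=user["is_superuser"])
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(head, body))}"


class StatelessUser:
    """Hypothetical token-backed user: built from claims, no database lookup."""
    def __init__(self, token):
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(head, body), _unb64(sig)):
            raise ValueError("signature mismatch")
        claims = json.loads(_unb64(body))
        self.pk = claims["user_id"]
        # A claim that was never issued reads as False, as reported in the issue.
        self.is_staff = claims.get("is_staff", False)
        self.is_superuser = claims.get("is_superuser", False)


def tamper_payload(token):
    """Flip the flag without re-signing; StatelessUser must reject the result."""
    head, body, sig = token.split(".")
    claims = dict(json.loads(_unb64(body)), is_superuser=True)
    return f"{head}.{_b64(json.dumps(claims).encode())}.{sig}"
```

A flag copied into the token stays in force until that token expires, so demoting the account in the admin panel does not change what an already-issued token asserts.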


fegamon commented May 24, 2024

@confuzeus It worked! Thank you.

fegamon closed this as completed May 24, 2024