DRF APIVIEW only post method permisiion_classes not in get method

This is because the DRF APIView class provides default implementations for the get, post, put, patch, and delete HTTP methods. By default, all of these methods are allowed without any authentication or permission checks.

In order to restrict access to a specific HTTP method, such as POST, you need to explicitly define the required authentication and/or permission checks using the permission_classes attribute.

For example, if you want to require a user to be authenticated in order to access the POST method, you can add the following to your APIView class:

class MyView(APIView):
    permission_classes = [IsAuthenticated]

    def post(self, request):
        # handle POST request here
        pass

    def get(self, request):
        # handle GET request here
        pass

This will ensure that only authenticated users can access the POST method, while the GET method will still be available to anyone.