^{Originally posted by lpomfrey March 18, 2024}
As the title states, it seems from DRF 3.15 the permissions.DjangoModelPermissionsOrAnonReadOnly doesn't actually allow anonymous read only access as it inherits the check for the view permission on the model from permissions.DjangoModelPermissions class.

It would seem to replicate the older behaviour DjangoModelPermissionsOrAnonReadOnly should set 'GET' and 'HEAD' in the perms_map to [] (along with setting authenticated_users_only = False).

I'm not sure if this is by design and the recommended solution is to compose a set of permissions like permissions.DjangoModelPermissions | ReadOnly (providing a custom ReadOnly class), but the documentation still suggests it should work as it did in 3.14 and before.