如何使仅超级用户编辑模型

我有 2 个模型：配方和 Ingridient，我希望只有超级用户才能编辑模型 Ingridient，普通用户只能查看 ingridient，而无法编辑它们。现在以这种方式设置，如果您已登录，则拥有所有权限，但我希望只有超级用户才能编辑 Ingridients，而普通登录用户才能添加配方(无法编辑 ingridient(。

#views.py

class ReceptViewRetrieveUpdateDestroy(generics.RetrieveUpdateDestroyAPIView):
queryset = Recipe.objects.all()
lookup_field = 'id'
serializer_class = RecipeSerializer
permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
def delete(self, request, *args, **kwargs):
try:
id = request.data.get('id', None)
response= super().delete(request, *args, **kwargs)
if response.status_code == 204:
from django.core.cache import cache
cache.delete("{}".format(id))
return response
except Exception as e:
return response({
"Message":"Failed"
}) 
def update(self, request, *args, **kwargs):
response = super().update(request, *args, **kwargs)
if response.status_code == 200:
mydata = response.data

from django.core.cache import cache
cache.set("ID :{}".format(mydata.get('id', None)),{
'title':mydata["title"],
'description':mydata["description"],
'image':mydata["image"],
'galery':mydata["galery"],
'kitchen_type':mydata["kitchen_type"],
'num_persons':mydata["num_persons"],
'preparation_steps':mydata["preparation_steps"]
})
return response
class SestavinaViewRetrieveUpdateDestroy(generics.RetrieveUpdateDestroyAPIView):
queryset = Ingridient.objects.all()
lookup_field = 'id'
serializer_class = IngridientSerializer
permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
def delete(self, request, *args, **kwargs):
try:
id = request.data.get('id', None)
response= super().delete(request, *args, **kwargs)
if response.status_code == 204:
from django.core.cache import cache
cache.delete("{}".format(id))
return response
except Exception as e:
return response({
"Message":"Failed"
})   
def update(self, request, *args, **kwargs):
response = super().update(request, *args, **kwargs)
if response.status_code == 200:
mydata = response.data
from django.core.cache import cache
cache.set("ID :{}".format(mydata.get('id', None)),{
'name':mydata["name"],
'quantity':mydata["quantity"],
'calories':mydata["calories"],
'protein':mydata["protein"],
'carbon':mydata["carbon"],
'fiber':mydata["fiber"],
'fat':mydata["fat"],
'saturated_fat':mydata["saturated_fat"]
})
return response

class RecipeListView(generics.ListCreateAPIView):  
model = Recipe
serializer_class = RecipeSerializer
queryset = Recipe.objects.all()
permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
class IngridientsListView(generics.ListCreateAPIView):  
model = Ingridient
serializer_class = IngridientSerializer
queryset = Ingridient.objects.all()
permission_classes = (permissions.IsAuthenticatedOrReadOnly,)

#models.py

class Ingridient(models.Model):
name = models.CharField(default='', max_length=20)
quantity = models.IntegerField(default=0)
calories = models.IntegerField(default=0)
protein = models.IntegerField(default=0)
carbon = models.IntegerField(default=0)
fiber = models.IntegerField(default=0)
fat = models.IntegerField(default=0)
saturated_fat = models.IntegerField(default=0)
def __str__(self):
return self.name
class Recipe(models.Model):
title = models.CharField(default='', max_length=60)
description = models.TextField(default='',max_length=1000)
image = models.ImageField(default='',upload_to='pics', blank=True)
galery = models.ImageField(default='', blank=True)
kitchen_type = models.CharField(default='',max_length=35)
num_persons = models.IntegerField(default=0)
preparation_steps = models.TextField(default='')
Ingridients = models.ManyToManyField(Ingridient)

def __str__(self):
return self.title

#serializers.py

class IngridientSerializer(serializers.ModelSerializer):
class Meta:
model = Ingridient
fields = ('name', 'quantity', 'calories', 'protein', 'carbon', 'fiber', 'fat',         
'saturated_fat')
class RecipeSerializer(serializers.ModelSerializer):
Ingridients = IngridientSerializer(many=True)
class Meta:
model = Recipe
fields = ('title', 'description', 'image', 'galery', 'kitchen_type', 'num_persons', 
'preparation_steps', 'Ingridients')