How Are Permissions To Access To Django REST API Managed?

June 27, 2022 Post a Comment

I am building a Django application that exposes a REST API by which users can query my application's models. I'm following the instructions here. Below you can see me hitting this

Solution 1:

In your APIView, or your ModelViewSet do

permission_classes = []

permission_classes = [rest_framework.permissions.AllowAny]

This will make it publicaly available for any one. This is because all modeviewsets/viewsets/ or APIViews all inheirit from APIView which sets the permission classes to

permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES

Which I'm guessing in your case is only a superuser.

OK Just looked at the guide you're following. If you look at your settings

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
    'PAGINATE_BY': 10
}

Your setting the default permission class to be only admins. So you can either do what I suggested earlier and override the default permissions, or change IsAdminUser to

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.AllowAny',),
    'PAGINATE_BY': 10
}

Good luck, django-rest-framework is amazing.

Free Interactive Python Tutorial

How Are Permissions To Access To Django REST API Managed?

Solution 1:

Post a Comment for "How Are Permissions To Access To Django REST API Managed?"