How to restrict Django Rest Framework browsable API interface to admin users

前端未结

关注

 3  700

执笔经年 2021-02-07 08:36

I\'m developing a Django Rest Framework backend for a mobile app. The API is private and will only ever be used internally.

The browsable API is convenient for helping d

3条回答

猫巷女王i (楼主)

2021-02-07 08:52

In rest_framework views we have a attribute called renderes_classes Usually we have a method get_ as we do with queryset/get_queryset but in this case we didn't have that, so i needed to implement a property.

from tasks.models import Task
from tasks.serializers import TaskSerializer

from rest_framework.generics import ListAPIView
from rest_framework.permissions import IsAuthenticatedOrReadOnly
from rest_framework.renderers import CoreJSONRenderer


class CustomRendererView:
    permission_classes = (IsAuthenticatedOrReadOnly,)

    @property
    def renderer_classes(self):
        renderers = super(ListTask, self).renderer_classes

        if not self.request.user.is_staff:
            renderers = [CoreJSONRenderer]

        return renderers


class ListTask(CustomRendererView, ListAPIView):
    queryset = Task.objects.all()
    serializer_class = FullTaskSerializer

0 讨论(0)

查看其它3个回答