发表新帖
发表新帖

How Can I Disable Authentication in Django REST Framework

后端 未结
关注
7 910
庸人自扰
庸人自扰 2020-12-13 23:11

I\'m working on a store site, where every user is going to be anonymous (well, until it\'s time to pay at least), and I\'m trying to use Django REST Framework to serve the p

相关标签:
7条回答
  • 借酒劲吻你
    2020-12-13 23:49

    if you want to disable authentication for a certain class based view, then you can use,

    class PublicEndPoint(APIView):
    authentication_classes = [] #disables authentication
    permission_classes = [] #disables permission
    
    def get(self, request):
        pass

    This is useful when you want to make specific endpoints available public.

    0 讨论(0)
  • 隐瞒了意图╮
    2020-12-13 23:54

    You can also disable authentication for particular class or method, just keep blank the decorators for the particular method. 

    from rest_framework.decorators import authentication_classes, permission_classes

@api_view(['POST'])    
@authentication_classes([])
@permission_classes([])
def items(request):
   return Response({"message":"Hello world!"})
    0 讨论(0)
  • 小鲜肉
    2020-12-13 23:58

    You can also apply it on one specific endpoint by applying it on class or method. Just need to apply django rest framework AllowAny permission to the specific method or class.

    views.py

    from rest_framework.permissions import AllowAny

from .serializers import CategorySerializer
from catalogue.models import Category   

@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
    serializer_class = serializers.CategorySerializer
    queryset = Category.objects.all()

    You can achieve the same result by using an empty list or tuple for the permissions setting, but you may find it useful to specify this class because it makes the intention explicit.

    0 讨论(0)
  • 误落风尘
    2020-12-14 00:00

    You can give empty defaults for the permission and authentication classes in your settings.

    REST_FRAMEWORK = {
    # other settings...

    'DEFAULT_AUTHENTICATION_CLASSES': [],
    'DEFAULT_PERMISSION_CLASSES': [],
}
    0 讨论(0)
  • 春和景丽
    2020-12-14 00:07

    Here is an alternative to simply enable the API forms for development purposes:

    settings.py

    REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny'
    ]
}

    Django REST framework v3.11.0

    0 讨论(0)
  • 长情又很酷
    2020-12-14 00:09

    If using APIView you can create a permission for the view, example below:

    urls.py

    url(r'^my-endpoint', views.MyEndpoint.as_view())

    permissions.py

    class PublicEndpoint(permissions.BasePermission):
    def has_permission(self, request, view):
        return True

    views.py

    from permissions import PublicEndpoint

class MyEndpoint(APIView):

    permission_classes = (PublicEndpoint,)

    def get(self, request, format=None):
        return Response({'Info':'Public Endpoint'})
    0 讨论(0)
 看不清?
提交回复
热议问题