Mixing global and "per view" based permissions

[Toran Billups]

If I want to apply authentication across my entire api I can use the settings below globally

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'my.authentication_classes.SignedOrSessionAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'my.permission_classes.ForceAuthentication',
    )
}
But when I need to support an api that has both authenticated and unauthenticated endpoints => can I override the permission and auth classes on a "per view" basis like so?

class FooCreateAPIView(generics.CreateAPIView):
    permission_classes = (permissions.AllowAny, )

I tried to do this and had no such luck (using the base settings above + the custom override on the CBV you see above)

If I'm wrong, I must have missed something and would love to hear what I skipped in the above setup

If I'm right could someone confirm this is how the project works today? Also is this something the framework could support in the near future? mixed authentication for situations like this?

Thank you in advance

Toran

[Tom Christie]

Hi Toran, that's exactly how it works, yes. Try double checking the view you're working with, perhaps there's a typo on the 'permission_classes' attribute, or the settings are not configured as you're expecting.