how to add allow methods
36 views
Skip to first unread message
siva gatti
Sep 10, 2019, 7:44:10 AM9/10/19
to Django REST framework
Hi,
class UserViewSet(viewsets.ModelViewSet):
permission_classes = [IsAuthenticated]
queryset = Documents.objects.all()
serializer_class = DocumentSerializer
this is my viewset. I want to allow users for post method without authentication how can i add allowed methods here.with authentication and without authentication
Harrys Asimakopoulos
Sep 10, 2019, 8:04:51 AM9/10/19
to Django REST framework
from rest_framework.permissions import AllowAnyclass UserViewSet(viewsets.ModelViewSet): permission_classes = [AllowAny,]
Jakob Damgaard Møller
Sep 10, 2019, 8:17:38 AM9/10/19
to django-res...@googlegroups.com
Instead of using a viewset look at:
or:
You will need to assign permissions_classes to each "method"
--
You received this message because you are subscribed to the Google Groups "Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-fram...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-rest-framework/f9f13934-f4b1-4bf7-a675-fc606cf21908%40googlegroups.com.
Jakob Damgaard Olsen
Tlf: 24613112
Tlf: 24613112
siva gatti
Sep 10, 2019, 8:18:08 AM9/10/19
to django-res...@googlegroups.com
unauthenticated users can only post but here they can do get ,delete and update
--
siva gatti
Sep 10, 2019, 8:30:19 AM9/10/19
to django-res...@googlegroups.com
class UserViewSet(viewsets.ModelViewSet):
permission_classes =[IsAuthenticated]
permission_classes =[IsAuthenticated]
if(permission_classes):
http_method_names = ['post']
http_method_names = ['post']
queryset = Documents.objects.all()
serializer_class = DocumentSerializer
i am trying like this
my problem is unauth users can only access post method and auth users can access post,get,put methods
Jakob Damgaard Møller
Sep 10, 2019, 8:45:17 AM9/10/19
to django-res...@googlegroups.com
Or look into a custom permission:
https://www.django-rest-framework.org/api-guide/permissions/#custom-permissions
IsCreationOrAuthenticated like the: IsOwnerOrReadonly
Instead of the request.method in permissions.SAFE_METHODS, see if the method == "POST"
To view this discussion on the web visit https://groups.google.com/d/msgid/django-rest-framework/CAA9F9ijJTZgogDyg3ufKw%2Bm5sXuHpRFREfrdYyNKHmk%3D%3DnC_hg%40mail.gmail.com.
Alan Crosswell
Sep 10, 2019, 9:20:22 AM9/10/19
to django-res...@googlegroups.com
Try something like this:
'OPTIONS': [],
'HEAD': [],
# 'POST': ['%(app_label)s.add_%(model_name)s'],
'POST': [],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
https://www.django-rest-framework.org/api-guide/permissions/ says: "To use custom model permissions, override
DjangoModelPermissions and set the .perms_map property. Refer to the source code for details."(!)from rest_framework.permissions import DjangoModelPermissions, IsAuthenticated
class MyDjangoModelPermissions(DjangoModelPermissions):
"""
Override `DjangoModelPermissions <https://docs.djangoproject.com/en/dev/topics/auth/#permissions>`_
to allow POST permission.
"""
perms_map = {
'GET': [],'OPTIONS': [],
'HEAD': [],
# 'POST': ['%(app_label)s.add_%(model_name)s'],
'POST': [],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
class MyViewSet(ModelViewSet):
permission_classes = MyDjangoModelPermissions
To view this discussion on the web visit https://groups.google.com/d/msgid/django-rest-framework/CAMmJSsHtbaiwAprJvD%2BOmNykXo6cE5o1%3DjCbx2Q1CRYF-0DKSA%40mail.gmail.com.
Alan Crosswell
Associate VP & CTO
Reply all
Reply to author
Forward
0 new messages