Question: Permission in documentation

[gregory....@pix4d.com]

Hi everyone,

I have something that's bugging me.

I'd like to be able to show my documentation (i.e. the endpoints available and their description) even to people not logged in that would not be authorised to run those endpoints. This is because the first step for clients evaluating our API is not to use it, it's really just to see what's available.

Creating an account and API keys just to be able to do that is a strong blocker.

Is there a way to go around the view permission (in the context of documentation only obviously)?

I can track the "problem" to be there

> /Users/gbataille/.virtualenvs/p4d_cloud/lib/python2.7/site-packages/rest_framework/schemas.py(341)has_view_permissions()
    339
    340         try:
--> 341             view.check_permissions(view.request)

But I don't see any obvious way to go around it. Any pointers?

Thanks

Greg

[Carlton Gibson]

Hi Greg, 

The flow here is this: 

documentation.get_docs_view() -> schemas.get_schema_view -> schemas.SchemaView

SchemaView is (just) and APIView subclass — so you can set `permission_classes` as normal. 

However, there's not currently API to pass permission_classes down from the wrapping functions. So, in the short-term, you'll need configure your SchemaView instance by hand. (Take a look at the wrapper functions to see how they work — it's not complex per se.) 

Kind Regards,

Carlton

[Grégory Bataille]

Hum, I see, I had missed this "abstraction".

I guess this should do what I need. I'll have a look.

Thanks

Greg

--

Grégory Bataille | Cloud Developer EPFL Innovation Park | Building F | 1015 Lausanne, Switzerland   https://pix4d.com |  gregory....@pix4d.com

--
You received this message because you are subscribed to a topic in the Google Groups "Django REST framework" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-rest-framework/s7SKo7Fn9xc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to django-rest-framework+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Abraham Varricatt]

If I may offer a suggestion,

http://www.django-rest-framework.org/topics/documenting-your-api/#django-rest-swagger

Now, this does not directly solve your problem of providing documentation to un-logged in users. If you visit the end-point created by the project, it will only show documentation for logged in folks. BUT, if you pass along with a GET request, the query, ?format=openapi  , you will be able to get JSON dump of your API in swagger format. This JSON is (obviously) login-independent. You can either host the JSON separately, or just pass the file along as an email attachment to your users to evaluate. They could then use something like http://petstore.swagger.io/  and point to the JSON you provided if they want a GUI version.

Trying to help,
Abraham V.

On Friday, 26 May 2017 04:59:08 UTC-4, Grégory Bataille wrote:

Hum, I see, I had missed this "abstraction".

I guess this should do what I need. I'll have a look.

Thanks

Greg

--

Grégory Bataille | Cloud Developer EPFL Innovation Park | Building F | 1015 Lausanne, Switzerland

https://pix4d.com |  gregory.bata...@pix4d.com