How to login with curl?

[Jeffrey Kevin]

I cant seem to find any documentation about accessing an api with this
framework using curl to first login... I love your software and think
it's the best out there, however, i wish there was far more
documentation. Thank you!

[Tom Christie]

Heya,

  Yeah we def need more complete documentation.  It's one of the priorities at the moment.  We'll get there...

  You can use -u 'username:password' with curl, to send the username and password using basic authentication.

  You'll need to do this with every request.

  I've just added a new bullet point for that one to these docs:

  http://django-rest-framework.org/howto/usingcurl.html

  Let me know if that's not quite what you were looking for, for any reason...

Cheers,

  Tom

[markotibold]

>   I've just added a new bullet point for that one to these docs:
>  http://django-rest-framework.org/howto/usingcurl.html

Wouldn't be ``-u <username>:<password>`` instead of ``-u : ``

[Tom Christie]

Oops.  So much for manual edits.

[Me: goes back and uses &lt; &gt; instead of '<' '>' which was screwing it up]

Cheers dude,

  t.

[Jeffrey Kevin]

Awesome!

Thank you so much for the reply. It's nice to have a developer that
responds to questions about his code :)

I appreciate it.

I am new to Django and frankly do not know how I lived without it. The
CRUD features alone are amazing. When someone comes along and builds a
commercial grade plug in like django rest framework, it makes it all
the better.

I will definitely be recommending this! It seems to be far more
functional and robust than piston.

Thanks again,

Jeffrey Kevin Pry

[Jeffrey Kevin]

One more quick question. Is there an easy to disable the html version
of the application you've written? Also, is there a way to control if
a user is allowed read only or if they should be able to create
objects through the api?

Thanks again!

[Tom Christie]

Heya,

> Is there an easy to disable the html version of the application you've written?

Yeah, so on the resource do something like:

from djangorestframework.resource import Resource

from djangorestframework import emitters

MyResource(Resource):
    emitters = ( emitters.JSONEmitter,
                      emitters.DocumentingPlainTextEmitter,
                      emitters.XMLEmitter)

> Also, is there a way to control if a user is allowed read only or if they

> should be able to create objects through the api?

Do you just mean setting either 'allowed_methods = ('GET',) or 'allowed_methods = ('GET', 'POST') on the resource, or do you mean having a resource that supports both, but some users can do both?  For the later, you can use the 'auth' parameter in the handler methods, which will simply be set to the user object (unless you customise the authenticators)  So probably something like...

MyResource(ModelResource):

    ...

    def post(self, request, auth, content, num):

       # do stuff with auth, and possibly raise a ResponseException 403

       super(MyResource, self).post(request, auth, content, num)

This'll get easier with the next version that's planned to be rolled out shortly, which adds proper permissions hooks as well as the authentication that's currently in place.

Hope that helps...

(And glad to hear ya like the framework!)

  t.