How Are Permissions To Access To Django REST API Managed?
I am building a Django application that exposes a REST API by which users can query my application's models. I'm following the instructions here. Below you can see me hitting this
Solution 1:
In your APIView, or your ModelViewSet do
permission_classes = []
or
permission_classes = [rest_framework.permissions.AllowAny]
This will make it publicaly available for any one. This is because all modeviewsets/viewsets/ or APIViews all inheirit from APIView which sets the permission classes to
permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES
Which I'm guessing in your case is only a superuser.
OK Just looked at the guide you're following. If you look at your settings
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
    'PAGINATE_BY': 10
}
Your setting the default permission class to be only admins. So you can either do what I suggested earlier and override the default permissions, or change IsAdminUser to
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.AllowAny',),
    'PAGINATE_BY': 10
}
Good luck, django-rest-framework is amazing.
Post a Comment for "How Are Permissions To Access To Django REST API Managed?"