Django REST Framework: 'BasePermissionMetaclass' object is not iterable

Question

Python/Django n00b moving over from javascript.

Trying to add an API endpoint using Django REST Framework which I'm hoping will ultimately be able to update a User with the body of a PATCH request, but for now I just want it to not throw a 500 error.

I've added this to urlpatterns:

url(r'update/$', views.UpdateView.as_view(), name="update_user"),

And that should bring in this view:

from django.contrib.auth.models import User
from rest_framework.generics import UpdateAPIView
from .serializers import UserSerializer

class UpdateView(UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer

The UserSerializer looks like this:

class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ('username', 'pk', 'status')

Seem to be getting this every time I visit the route:

TypeError at /api/update/
'BasePermissionMetaclass' object is not iterable

I have no idea what I'm doing - anyone seen this before?

UPDATE: Full Traceback:

Internal Server Error: /api/update/
Traceback (most recent call last):
  File "path/to/myapp/env/lib/python2.7/site-packages/django/core/handlers/exception.py", line 41, in inner
    response = get_response(request)
  File "path/to/myapp/env/lib/python2.7/site-packages/django/core/handlers/base.py", line 187, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "path/to/myapp/env/lib/python2.7/site-packages/django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "path/to/myapp/env/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "path/to/myapp/env/lib/python2.7/site-packages/django/views/generic/base.py", line 68, in view
    return self.dispatch(request, *args, **kwargs)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 495, in dispatch
    response = self.handle_exception(exc)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 455, in handle_exception
    self.raise_uncaught_exception(exc)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 483, in dispatch
    self.initial(request, *args, **kwargs)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 401, in initial
    self.check_permissions(request)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 333, in check_permissions
    for permission in self.get_permissions():
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 280, in get_permissions
    return [permission() for permission in self.permission_classes]
TypeError: 'BasePermissionMetaclass' object is not iterable

Answer 1

You have mistyped the comma in DEFAULT_PERMISSION_CLASSES value, due to which Django takes it as a string, instead of a tuple.

Solution:

REST_FRAMEWORK = {
   ...
   'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAdminUser', ),
   ...
}

Answer 2

I had the same problem, but looked for wrong place. I made mixin class with permissions and there was code

permission_classes = (
    permissions.IsAuthenticated
)

but should be

permission_classes = (
    permissions.IsAuthenticated,
#                              ^
#                         a comma here
)

So do not forget to look for other classes with permissions. I hope it will help someone.

Answer 3

@permission_classes((AllowAny,))

You have to ensure the comma

Answer 4

As a reference for other people who might be searching here, this could be an issue too..

from django.contrib.auth.models import User
from rest_framework.generics import UpdateAPIView
from .serializers import UserSerializer

class UpdateView(UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = IsAuthenticated

Should change to:

    from django.contrib.auth.models import User
    from rest_framework.generics import UpdateAPIView
    from .serializers import UserSerializer

    class UpdateView(UpdateAPIView):
        queryset = User.objects.all()
        serializer_class = UserSerializer
        permission_classes = [IsAuthenticated]