Menu
How would you go about protecting DefaultRouter() so the user can not view API Root unless they are logged in?
class OrderViewSet(viewsets.ReadOnlyModelViewSet):
permission_classes = (permissions.IsAuthenticated)
queryset = Order.objects.all()
serializer_class = OrderSerializer
router = routers.DefaultRouter()
router.register(r'orders', views.OrderViewSet)
urlpatterns = [
url(r'^', include(router.urls)),
url(r'^auth/', include('rest_framework.urls')),
]
project.urls.py
# API
url(r'^api/', include(api_urls)),
337
You can add default permission classes in your settings.py file:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
)
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
