Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to add django rest framework permissions on specific method only ?

Tags:

django

django-rest-framework

django-permissions

I have following functions in rest API for User model. I want to set AllowAny permission on only POST request. Can someone help me out.

class UserList(APIView):
    """Get and post users data."""

    def get(self, request, format=None):
        """Get users."""
        users = User.objects.all()
        serialized_users = UserSerializer(users, many=True)
        return Response(serialized_users.data)

    def post(self, request, format=None):
        """Post users."""
        serializer = UserSerializer(data=request.data)
        if serializer.is_valid():
            serializer.save()
        return Response(serializer.data, status=status.HTTP_201_CREATED)
like image 258
Ankit Avatar asked Jun 05 '16 12:06

Ankit

People also ask

What is permission in Django REST framework?

Permissions are used to grant or deny access for different classes of users to different parts of the API. The simplest style of permission would be to allow access to any authenticated user, and deny access to any unauthenticated user. This corresponds to the IsAuthenticated class in REST framework.

2 Answers

You can write a custom Permission class IsPostOrIsAuthenticated which will allow unrestricted access to POST requests but will allow only authenticated GET requests.

To implement the custom permission IsPostOrIsAuthenticated, override the BasePermission class and implement .has_permission(self, request, view) method. The method should return True if the request should be granted access, and False otherwise.

from rest_framework import permissions

class IsPostOrIsAuthenticated(permissions.BasePermission):        

    def has_permission(self, request, view):
        # allow all POST requests
        if request.method == 'POST':
            return True

        # Otherwise, only allow authenticated requests
        # Post Django 1.10, 'is_authenticated' is a read-only attribute
        return request.user and request.user.is_authenticated

So, all POST requests will be granted unrestricted access. For other requests, authentication will be required.

Now, you need to include this custom permission class in your global settings.

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'my_app.permissions.IsPostOrIsAuthenticated',
    )
}
like image 74
Rahul Gupta Avatar answered Oct 11 '22 03:10

Rahul Gupta

http://www.django-rest-framework.org/api-guide/permissions/

as per above URL you have to write one custom permission class

class ExampleView(APIView):
    permission_classes = (MyCustomAuthenticated,)

Write your own logic using AllowAny or IsAuthenticated inside MyCUstomAuthenticated based on POST and GET

like image 22
Mridul Kumar Biswas Avatar answered Oct 11 '22 01:10

Mridul Kumar Biswas
Sign in to Comment

Related questions

How to send multiple input field values with same name?
Django grouping queryset by first letter?
Django raising 404 with a message
Sending email from Django via hosted SMTP
Redirect if already logged in through Django urls?
using User.objects.get_or_create() gives invalid password format in django?
Django: Using F arguments in datetime.timedelta inside a query
Django dumpdata fails on special characters
In Django, How do I get escaped html in HttpResponse?
How do clone a Mercurial repository into a directory that already exists?
Django redirect using reverse() to a URL that relies on query strings
Setting DJANGO_SETTINGS_MODULE under virtualenv?
How to profile django application with respect to execution time?
In django, is there a way to directly annotate a query with a related object in single query?
Django/Python Runtime Error: Maximum recursion depth exceeded
How to configure simple links and image attaching in ckeditor?
Python - ERROR - failed to write data to stream: <open file '<stdout>', mode 'w' at 0x104c8f150>
Django Rest Framework APIRequestFactory request object has no attribute 'query_params'
Django form returns is_valid() = False and no errors
How to filter for multiple ids from a query param on a GET request with django rest framework?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!