90๐
You can give empty defaults for the permission and authentication classes in your settings.
REST_FRAMEWORK = {
# other settings...
'DEFAULT_AUTHENTICATION_CLASSES': [],
'DEFAULT_PERMISSION_CLASSES': [],
}
77๐
You can also disable authentication for particular class or method, just keep blank the decorators for the particular method.
from rest_framework.decorators import authentication_classes, permission_classes
@authentication_classes([])
@permission_classes([])
@api_view(['POST'])
def items(request):
return Response({"message":"Hello world!"})
- [Django]-Django: why i can't get the tracebacks (in case of error) when i run LiveServerTestCase tests?
- [Django]-Explicitly set MySQL table storage engine using South and Django
- [Django]-Django: accessing session variables from within a template?
34๐
if you want to disable authentication for a certain class based view, then you can use,
class PublicEndPoint(APIView):
authentication_classes = [] #disables authentication
permission_classes = [] #disables permission
def get(self, request):
pass
This is useful when you want to make only specific endpoints available public.
- [Django]-Is it possible to pass query parameters via Django's {% url %} template tag?
- [Django]-STATIC_ROOT vs STATIC_URL in Django
- [Django]-Django-reversion and related model
11๐
You can also apply it on one specific endpoint by applying it on class or method. Just need to apply django rest framework AllowAny permission to the specific method or class.
views.py
from rest_framework.permissions import AllowAny
from .serializers import CategorySerializer
from catalogue.models import Category
@permission_classes((AllowAny, ))
class CategoryList(generics.ListAPIView):
serializer_class = serializers.CategorySerializer
queryset = Category.objects.all()
You can achieve the same result by using an empty list or tuple for the permissions setting, but you may find it useful to specify this class because it makes the intention explicit.
- [Django]-Choose test database?
- [Django]-Django.db.utils.ProgrammingError: relation "bot_trade" does not exist
- [Django]-How can I temporarily disable a foreign key constraint in MySQL?
9๐
To enable authentication globally add this to your django settings file:
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
then add the following decorators to your methods to enable unauthenticated access to it
from rest_framework.decorators import authentication_classes, permission_classes
@api_view(['POST'])
@authentication_classes([])
@permission_classes([])
def register(request):
try:
username = request.data['username']
email = request.data['email']
password = request.data['password']
User.objects.create_user(username=username, email=email, password=password)
return Response({ 'result': 'ok' })
except Exception as e:
raise APIException(e)
- [Django]-How to query Case-insensitive data in Django ORM?
- [Django]-Elegant setup of Python logging in Django
- [Django]-Django, creating a custom 500/404 error page
7๐
If using APIView you can create a permission for the view, example below:
urls.py
url(r'^my-endpoint', views.MyEndpoint.as_view())
permissions.py
class PublicEndpoint(permissions.BasePermission):
def has_permission(self, request, view):
return True
views.py
from permissions import PublicEndpoint
class MyEndpoint(APIView):
permission_classes = (PublicEndpoint,)
def get(self, request, format=None):
return Response({'Info':'Public Endpoint'})
- [Django]-Difference between filter with multiple arguments and chain filter in django
- [Django]-Copy a database column into another in Django
- [Django]-AttributeError: 'module' object has no attribute 'tests'
4๐
Here is an alternative to simply enable the API forms for development purposes:
settings.py
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny'
]
}
Django REST framework v3.11.0
- [Django]-Render HTML to PDF in Django site
- [Django]-Suppress "?next=blah" behavior in django's login_required decorator
- [Django]-Select between two dates with Django
3๐
For class view you can do:
from rest_framework.permissions import AllowAny
from rest_framework.response import Response
from rest_framework.views import APIView
class ExampleView(APIView):
permission_classes = [AllowAny]
def get(self, request, format=None):
content = {
'status': 'request was permitted'
}
return Response(content)
For function view you can do:
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import AllowAny
from rest_framework.response import Response
@api_view(['GET'])
@permission_classes([AllowAny])
def example_view(request, format=None):
content = {
'status': 'request was permitted'
}
return Response(content)
More details at Setting the permission policy
- [Django]-Remove Labels in a Django Crispy Forms
- [Django]-On Heroku, is there danger in a Django syncdb / South migrate after the instance has already restarted with changed model code?
- [Django]-Why is logged_out.html not overriding in django registration?
1๐
Also, it can be the separate class for the dev.
class DevAuthentication(authentication.BaseAuthentication):
def authenticate(self, request):
return models.User.objects.first(), None
And in settings.py:
DEFAULT_AUTHENTICATION_CLASSES = ["common.authentication.DevAuthentication"]
- [Django]-Python/Django: log to console under runserver, log to file under Apache
- [Django]-Django query get last n records
- [Django]-What is the Simplest Possible Payment Gateway to Implement? (using Django)
0๐
#in settings.py
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny',
]
}
class ListView(APIView):
authentication_classes = [TokenAuthentication]
permission_classes = [IsAuthenticated]
def get(self,request):
customers = Customer.objects.filter(is_superuser=False)
serializer = CustomerSerializer(customers, many=True)
return Response(serializer.data, status=status.HTTP_200_OK)
- [Django]-What's the best way to store a phone number in Django models?
- [Django]-Django: guidelines for speeding up template rendering performance
- [Django]-Creating a JSON response using Django and Python