Using different authentication for different operations in ModelViewSet in Django REST structure

Question

Using different authentication for different operations in ModelViewSet in Django REST structure

I have the following ModelViewSet

class UserViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows users to be viewed or edited.
    """
    queryset = User.objects.all()
    serializer_class = UserSerializer
    authentication_classes = (TokenAuthentication,)
    permission_classes = (permissions.IsAuthenticated, MyUserPermissions)

I want create method (POST on /users/)not to request any authentication. How can I override authentication_classes in this case? I am talking about ModelViewSetnot general representations of the API.

+4

django django-rest-framework

dado_eyad Mar 05 '14 at 11:40

source share

1 answer

Tom Christie · Accepted Answer · 2014-03-05T12:36:34+0000

I want the create (POST on / users /) method not to request any authentication.

Actually, this is not exactly what you want. You want POSTusers to not require any permissions, which can lead to the successful completion of authenticated or unauthorized requests.

, POST. .

- :

class IsAuthenticatedOrCreate(permissions.IsAuthenticated):
    def has_permission(self, request, view):
        if request.method == 'POST':
            return True
        return super(IsAuthenticatedOrCreate, self).has_permission(request, view)

, , - .

Using different authentication for different operations in ModelViewSet in Django REST structure

More articles: