I want to create a POST request from React to DRF for a normal search functionality: ANYONE on the site can input something in a search field and that data will be used to query the database. I do not need the users to be authenticated or anything. In DRF there needs to be an authentication class and I don't know which one to use. Any ideas?
Set permission_classes and authentication_classes to empty
from rest_framework.views import APIView

class MyPublicView(APIView):
    permission_classes = []
    authentication_classes = []
You can use any DRF view instead of APIView. This procedure is the same for all CBVs in DRF.
Related
I have a Django REST framework form like this:
and I would like to do a simple thing: hide the POST form (in the red rectangle) when the user is not logged in. I just don't know how to do it, because all I have is a model, a view that inherits from ListCreateAPIView and a serializer inheriting from ModelSerializer.
You can use Django rest framework Authentication and Permission classes: https://www.django-rest-framework.org/api-guide/authentication/
from rest_framework.permissions import IsAuthenticated
If you use a generic or viewset class, add this line inside your view class:
permission_classes = [IsAuthenticated]
Or you can set permission to admins only by importing
from rest_framework.permissions import IsAdminUser
and
permission_classes = [IsAdminUser]
With Django REST Framework (DRF) I can customize the Authentication class and Permission class simply like this:
from django_cognito_jwt import JSONWebTokenAuthentication
from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated

class CognitoQuestionViewSet(viewsets.ModelViewSet):
    authentication_classes = (JSONWebTokenAuthentication,)
    permission_classes = (IsAuthenticated,)
    queryset = Question.objects.all()
    serializer_class = QuestionSerializer
The GraphQL docs use the standard Django login, which is different from my project. I checked the source of LoginRequiredMixin but had no luck. I don't see an Authentication class there that I could override.
Problem:
How can I customize the GraphQL Authentication class and Permission class like I did in DRF?
After several tries with django-graphql-jwt, I had no luck. vinayan3 has the answer to my question, because django-cognito-jwt is considered a DRF complement.
Solution:
Just replace TokenAuthentication with JSONWebTokenAuthentication from django_cognito_jwt
In my Django project I have a public API endpoint built with Django Rest Framework's APIView. It does not need to know anything about the user. Still, Django automatically fetches the session and the user from the database. Is there a way to not do this since it causes two unnecessary DB hits?
Here is the code:
from rest_framework.response import Response
from rest_framework.views import APIView

class TermListView(APIView):
    permission_classes = ()

    def get(self, request, format=None):
        qs = Term.objects.all().only('original_word')
        return Response([term.original_word for term in qs])
You need to add authentication_classes = () to the View class. This tells Django not to worry about the user. Or you can also configure this option globally for all your endpoints.
I used Django REST Swagger in my Django project. It is able to show all the URLs with views which do not have permission_classes = [IsAuthenticated], while the views with permission_classes = [IsAuthenticated] are not shown in the list-api.
Here is an example:
class EquipmentCategoryViewSet(ResponseMixin, viewsets.ModelViewSet):
    queryset = EquipmentCategory.objects.all()
    serializer_class = EquipmentCategorySerializer
    permission_classes = [IsAuthenticated]
If I remove permission_classes = [IsAuthenticated], it is shown in the swagger list-api.
I downgraded swagger to 2.1.2 and clicked on authorized and passed the token.
The strange thing is I have a prefix 'Token' in my value. When I log in with Token<tokenvalue>, login fails. But when I pass <tokenvalue> it gets authenticated, but the views with IsAuthenticated are not shown.
Please suggest what should be done to show views with isAuthenticated added.
In the top right corner of the API document there is an option to authorise or to log in. Provide a valid token in it or log in. This will list the other endpoints.
Use swagger 2.1.2.
The latest django swagger version 2.2 has some issue with authorization. Refer:
https://github.com/marcgibbons/django-rest-swagger/issues/762
You can just override the schema:
from rest_framework.schemas import get_schema_view
from rest_framework_swagger import renderers

schema_view = get_schema_view(
    title="Fbs Api Docs",
    public=True,
    renderer_classes=[renderers.OpenAPIRenderer, renderers.SwaggerUIRenderer],
)
If you pass public=True, it will allow all APIs to be listed. In urls.py include the line below:
path('docs/', schema_view),
I am a newbie in Django. I have created a REST API using DRF. My Django project has 3 apps. Now I want to apply authentication. I have seen a lot of help, but I am not able to apply the authentication properly. I also want the model to be attached to the user, so that one user can't see another user's entries. Can anyone help me by explaining how to implement this in a little detail?
Thanks in advance. Will be a great help if someone answers.
You could add custom permissions:
from rest_framework import permissions

class IsOwnerOnlyAllowed(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        return obj.owner == request.user
You may add permission_classes = (IsOwnerOnlyAllowed,)
Also, you could override the queryset attribute of your view to provide only entries which are related to the logged in users.
Edit your views,
from rest_framework import generics
from .models import DatasetModel
from .serializer import DatasetSerializer

class DatasetView(generics.ListCreateAPIView):
    queryset = DatasetModel.objects.all()
    serializer_class = DatasetSerializer

    def get_queryset(self):
        return self.queryset.filter(owner=self.request.user)