Django REST difference between permission classes and authentication classes

There is one last thing that I'm a bit confused about in the Django Rest Framework, and that is the difference between permission classes and authentication classes.

These are my settings.py:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAdminUser',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
    'PAGINATE_BY': 10
}

And in my view I have the following ...

from rest_framework import generics, permissions

class ProfileList(generics.ListCreateAPIView):
    """
    API endpoint that represents a list of users.
    """
    permission_classes = (permissions.IsAdminUser,)
    model = Profile
    serializer_class = ProfileSerializer

    def pre_save(self, obj):
        obj.owner = self.request.user

What I assumed would happen with the above is that only admin users had access to the browser API, while a user with a valid token could receive a JSON request. However, this is not the case when IsAuthenticated seems to give them access, but this still allows my users access to the online version at login.

, , , - - API , ?

+5
2

, , , - - API , ?

, , - , API- browseable , , JSON. API. , , API , API.

, admin, :

  • get_renderers() . ( ) self.request.user.is_staff Viewable API renderer, admin.

  • API .render(). (, . ). renderer_context['request'] JSON, admin.

+6

, , :

- . PermissionDenied , .

IsAdminUser, . , , DEFAULT_AUTHENTICATION_CLASSES.

+1
