Hi everyone,
I am trying to figure out how to remove authentication from a single view
within a ViewSet. I essentially want this endpoint to be public, but not
effect any other view in here.
In settings.py I have:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'oauth2_provider.ext.rest_framework.OAuth2Authentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
), ...
}
My ViewSet is just a basic viewsets.ViewSet with no decorators or variables
being modified on the class.
In this ViewSet I have the following view:
@list_route(methods=['GET'], url_path='package/(?P<package_id>[^\/]+)')
def get_package(self, request, package_id):
I have tried just about every possible combination
of @authentication_classes() and @permission_classes() decorators, trying
different orders too, and no matter what I get:
{
"detail": "Authentication credentials were not provided."
}
I've even tried making my own authentication class:
class NoAuthentication(BaseAuthentication):
def authenticate(self, request):
return True
def authenticate_header(self, request):
pass
And then using it as such:
@list_route(methods=['GET'], url_path='package/(?P<package_id>[^\/]+)')
@authentication_classes([NoAuthentication, ])
@permission_classes([AllowAny, ])
def get_package(self, request, package_id):
Which does a whole lot of nothing.
Removing this view from the ViewSet is a last resort as I'd rather not have
to hard-code a URL that mimics the ViewSet's route. I would really like to
know why I can't disable auth on a single view.
Any help here would be much appreciated!
Thanks
Dan
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
