Maybe you should try this with class based views. I have something like
this implemented as a class based view and it is working. I have something
like this:
from rest_framework import status, generics
from rest_framework.response import Response
from rest_framework.permissions import IsAuthenticatedOrReadOnly
class GetPackageView(generics.ListAPIView):
serializer_class = PackageSerializer
permission_classes = (IsAuthenticatedOrReadOnly,)
On Wednesday, January 4, 2017 at 6:35:03 PM UTC+2, Dan wrote:
>
> Hi everyone,
>
>
> I am trying to figure out how to remove authentication from a single view
> within a ViewSet. I essentially want this endpoint to be public, but not
> effect any other view in here.
>
> In settings.py I have:
> REST_FRAMEWORK = {
> 'DEFAULT_AUTHENTICATION_CLASSES': (
> 'oauth2_provider.ext.rest_framework.OAuth2Authentication',
> ),
>
> 'DEFAULT_PERMISSION_CLASSES': (
> 'rest_framework.permissions.IsAuthenticated',
> ), ...
> }
>
>
> My ViewSet is just a basic viewsets.ViewSet with no decorators or
> variables being modified on the class.
>
> In this ViewSet I have the following view:
> @list_route(methods=['GET'], url_path='package/(?P<package_id>[^\/]+)')
> def get_package(self, request, package_id):
>
>
> I have tried just about every possible combination
> of @authentication_classes() and @permission_classes() decorators, trying
> different orders too, and no matter what I get:
> {
> "detail": "Authentication credentials were not provided."
> }
>
> I've even tried making my own authentication class:
> class NoAuthentication(BaseAuthentication):
> def authenticate(self, request):
> return True
>
>
> def authenticate_header(self, request):
> pass
>
> And then using it as such:
> @list_route(methods=['GET'], url_path='package/(?P<package_id>[^\/]+)')
> @authentication_classes([NoAuthentication, ])
> @permission_classes([AllowAny, ])
> def get_package(self, request, package_id):
> Which does a whole lot of nothing.
>
>
> Removing this view from the ViewSet is a last resort as I'd rather not
> have to hard-code a URL that mimics the ViewSet's route. I would really
> like to know why I can't disable auth on a single view.
>
>
> Any help here would be much appreciated!
>
>
> Thanks
> Dan
>
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
