Am Freitag, 19. Januar 2018 15:39:28 UTC+1 schrieb Xavier Ordoquy: > > > Le vendredi 19 janvier 2018 09:44:52 UTC+1, Thomas Güttler a écrit : >> >> Why was auth re-invented in Django-Rest-Framework? >> > What was missing in django? >> > > I don't know the initial reasons but from my experience, Django has a > couple of non obvious implicit constraints on the authentication / > permission that are fine for websites but some APIs require more > flexibility. > To name a few: > - No clear separation of concerns between authentication and permissions. > - It's not supposed to have different authentication schemes across views. > - Permissions are checked out of the context of the request. > - Permissions are linked to a model, not to a representation (the R of > ReST). > > My problem: We have some APIs which use DRF and some do not use DRF. >> >> Everything works. But the design is ugly since we use different solutions >> for the same goal. >> This makes our software more complicated and developers waste time. >> > > I'm not sure I get your point here. > DRF is loosely coupled. You are free not to use DRF authentication / > permission and fall back on Django's. > > >> I guess there were valid reasons why this was done. >> >> Why not improve django, this way everybody (yes, there are people which >> do not use DRF) could benefit. >> > > That would indeed be nice to start bridging that part with Django. > Unless this is a priority for someone it'll likely remain in its current > state. > > Xavier. >
I am happy that my issue was understood. That's all I wanted. Thank you for your reply. -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
