Re: Ignore authentication on a single list_route within ViewSet?

2017-01-07 Thread Norbert Mate 
Maybe you should try this with class based views. I have something like 
this implemented as a class based view and it is working. I have something 
like this:
from rest_framework import status, generics 
from rest_framework.response import Response
from rest_framework.permissions import IsAuthenticatedOrReadOnly 


class GetPackageView(generics.ListAPIView):
serializer_class = PackageSerializer
permission_classes = (IsAuthenticatedOrReadOnly,)





On Wednesday, January 4, 2017 at 6:35:03 PM UTC+2, Dan wrote:
>
> Hi everyone,
>
>
> I am trying to figure out how to remove authentication from a single view 
> within a ViewSet. I essentially want this endpoint to be public, but not 
> effect any other view in here.
>
> In settings.py I have:
> REST_FRAMEWORK = {
> 'DEFAULT_AUTHENTICATION_CLASSES': (
> 'oauth2_provider.ext.rest_framework.OAuth2Authentication',
> ),
>
> 'DEFAULT_PERMISSION_CLASSES': (
> 'rest_framework.permissions.IsAuthenticated',
> ),...
> }
>
>
> My ViewSet is just a basic viewsets.ViewSet with no decorators or 
> variables being modified on the class.
>
> In this ViewSet I have the following view:
> @list_route(methods=['GET'], url_path='package/(?P[^\/]+)')
> def get_package(self, request, package_id):
>
>
> I have tried just about every possible combination 
> of @authentication_classes() and @permission_classes() decorators, trying 
> different orders too, and no matter what I get:
> {
>   "detail": "Authentication credentials were not provided."
> }
>
> I've even tried making my own authentication class:
> class NoAuthentication(BaseAuthentication):
> def authenticate(self, request):
> return True
>
>
> def authenticate_header(self, request):
> pass
>
> And then using it as such:
> @list_route(methods=['GET'], url_path='package/(?P[^\/]+)')
> @authentication_classes([NoAuthentication, ])
> @permission_classes([AllowAny, ])
> def get_package(self, request, package_id):
> Which does a whole lot of nothing.
>
>
> Removing this view from the ViewSet is a last resort as I'd rather not 
> have to hard-code a URL that mimics the ViewSet's route. I would really 
> like to know why I can't disable auth on a single view.
>
>
> Any help here would be much appreciated!
>
>
> Thanks
> Dan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ignore authentication on a single list_route within ViewSet?

2017-01-04 Thread Dan 
Hi everyone,


I am trying to figure out how to remove authentication from a single view 
within a ViewSet. I essentially want this endpoint to be public, but not 
effect any other view in here.

In settings.py I have:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'oauth2_provider.ext.rest_framework.OAuth2Authentication',
),

'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),...
}


My ViewSet is just a basic viewsets.ViewSet with no decorators or variables 
being modified on the class.

In this ViewSet I have the following view:
@list_route(methods=['GET'], url_path='package/(?P[^\/]+)')
def get_package(self, request, package_id):


I have tried just about every possible combination 
of @authentication_classes() and @permission_classes() decorators, trying 
different orders too, and no matter what I get:
{
  "detail": "Authentication credentials were not provided."
}

I've even tried making my own authentication class:
class NoAuthentication(BaseAuthentication):
def authenticate(self, request):
return True


def authenticate_header(self, request):
pass

And then using it as such:
@list_route(methods=['GET'], url_path='package/(?P[^\/]+)')
@authentication_classes([NoAuthentication, ])
@permission_classes([AllowAny, ])
def get_package(self, request, package_id):
Which does a whole lot of nothing.


Removing this view from the ViewSet is a last resort as I'd rather not have 
to hard-code a URL that mimics the ViewSet's route. I would really like to 
know why I can't disable auth on a single view.


Any help here would be much appreciated!


Thanks
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.