Django : TokenAuthentication, setting permissions on endpoints

I am using Django Rest Framework to build my API and I am quite new to it.

I set up a TokenAuthentication method, and I am now trying to filter the result of my queryset depending on this token.

Basically, I have a GET endpoint (let's say "/wallet"), and I want the /wallet endpoint to give the wallet of the specific user sending the query.

My approach was to redefine the get_queryset method in my ViewSet but I can't figure out how to get the token, and how to filter the results.

Also, anonymous users shouldn't be allowed to access that endpoint.

Here is my ViewSet, I think I need some customisation here:

class WalletViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows wallets to be viewed or edited.
    """
    queryset = Wallet.objects.filter()
    serializer_class = WalletSerializer

My approach was to redefine the get_queryset method in my ViewSet but I can't figure out how to get the token, and how to filter the results.

Django REST framework TokenAuthentication is linked to the user. Therefore I would advise that you filter against the user, which should be available in the view through self.request.user.

Also, anonymous users shouldn't be allowed to access that endpoint.

Check the permission section of the documentation for that.

To allow only authenticated users to access your viewset, just do:

from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated

class WalletViewSet(viewsets.ModelViewSet):
    queryset = Wallet.objects.filter()
    serializer_class = WalletSerializer
    permission_classes = (IsAuthenticated,)

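To get the specific user wallet you could get the user from request and then get its wallet with a simple model query. The end result being:

from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

class WalletViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows wallets to be viewed or edited.
    """
    queryset = Wallet.objects.filter()
    serializer_class = WalletSerializer
    permission_classes = (IsAuthenticated,)

    def retrieve(self, request, pk, format=None):
        # pk is ignored: the wallet is looked up from the authenticated user
        wallet = Wallet.objects.get(user=request.user)
        # Return the serialized data; the original built the Response but never returned it
        return Response(WalletSerializer(wallet).data)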
