@permission_classes((IsAuthenticatedOrReadOnly,)) allowing anonymous user to post data

Question

I have added @permission_classes((IsAuthenticatedOrReadOnly,)) annotation on my view n on calling post without auth details it is allowing to post data?

@permission_classes((IsAuthenticatedOrReadOnly,))
@api_view(['GET','POST'])
def my_view(request):
    # code for post and get

http://www.django-rest-framework.org/api-guide/views/#function-based-views — chandu, Jun 02 '15 at 09:35

score 1 · Answer 1 · edited Jun 02 '15 at 17:51

1

You missed this:

@authentication_classes(...)

edited Jun 02 '15 at 17:51

Celeo

5,583
8
39
41

answered Jun 02 '15 at 11:05

chandu

1,053
9
18

@permission_classes((IsAuthenticatedOrReadOnly,)) allowing anonymous user to post data

1 Answers1