0

I have UserList

from rest_framework import permissions

class UserList(generics.ListCreateAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = (permissions.IsAuthenticated,)

As you see I need access only to authenticated users, but I always have all permissions. Any idea?

Igonato
  • 10,175
  • 3
  • 35
  • 64
  • 2
    Your question is not clear. 1. Are you sure you are not logged in as admin when calling this view? If you are logged in to admin, DRF is going to authenticate you automatically. 2. Did you want a list of users who have this permission on them? – Druhin Bala May 04 '17 at 19:26
  • @DruhinBala 1. I'm sure 2. No, I want calling this view only authenticated users. I have found some solution [here](http://stackoverflow.com/a/39319138/6286625) –  May 05 '17 at 08:41
  • The code looks fine. Are you absolutely sure you're not logged in? You did try another browser or incognito mode, right? – Igonato May 05 '17 at 20:01

1 Answers1

0

The code looks fine. There are a few things you can try:

  1. As @Druhin mentioned, ensure you've attempted the request in a new incognito window to ensure you don't have a cookie or something authenticating you.
  2. Ensure you are reaching the correct URL. Are you sure you don't have another view mapped to that specific URL?
  3. As an even more solid method, use CURL to send the request.
  4. This is not your problem, but you can also configure default permissions for the rest framework.

For example, in settings.py:

 REST_FRAMEWORK = {
      'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
     )
 }

If none of those options work, please post your settings and any other relevant code.

Jamie Counsell
  • 7,730
  • 6
  • 46
  • 81