4

I am setting up Django-rest-swagger for my project. I have following settings for Django-restframework.

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

Now, when I have View with some permission class like this

class CreateUserView(viewsets.ModelViewSet):
    serializer_class = UserServiceSerializer
    authentication_classes = []
    permission_classes = []

class UserProfileView(viewsets.ModelViewSet):

    serializer_class = UserProfileSerializer
    serializer_class_2 = UserServiceSerializer

I see following view

enter image description here

But when add permission_classes in both view like this

class CreateUserView(viewsets.ModelViewSet):
    serializer_class = UserServiceSerializer
    authentication_classes = []
    permission_classes = []

class UserProfileView(viewsets.ModelViewSet):

    serializer_class = UserProfileSerializer
    serializer_class_2 = UserServiceSerializer
    permission_classes = []

I see view like this

enter image description here

I do not want to add permission class in every view as I have same class for all my view and I have mentioned that in my rest-framework setting. How can I do that?

Muhammad Hassan
  • 14,086
  • 7
  • 32
  • 54

2 Answers2

1

When you set permission_classes as [] you empty default permission classes for this view.

Of corse, you can set this behavior by default for all views:

REST_FRAMEWORK = {
    # ...
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny',
    ),
}

But be careful, in that case any unauthorized user can create records in your database.

If you don't want it, but want to see all actions - just click the Authorize button in Swagger and enter your token or login and password (depends on SECURITY_DEFINITIONS setting).

Anton Shurashov
  • 1,820
  • 1
  • 26
  • 39
  • The queston which I asked is that when I mention some permission class in my view, urls related to that views appears in swagger. If I do not mention any permission class which means it is using default permission class in my settings, urls related to that view does not appear in swagger. – Muhammad Hassan Aug 02 '17 at 17:39
  • By default Swagger shows only open public methods, because by default it doesn't have any authorization credentials. In the first case you see urls from `CreateUserView` because `permission_classes` is empty and this is a public view, `UserProfileView` uses default settings which allow use your api only for authorized users. In the second case you make `UserProfileView` also public. You can read more about different permissions [here](http://www.django-rest-framework.org/api-guide/permissions/#setting-the-permission-policy). – Anton Shurashov Aug 02 '17 at 18:01
  • Its is useful information. Thanks for help. Kindly add that in your answer. Thanks – Muhammad Hassan Aug 02 '17 at 18:12
0

seems like you have applied default permission classes to make APIs non public so one way to overcome this is to apply "AllowAny" as default permission class but this way all your APIs will be public, so another solution you can try is put swagger setting in you settings.py 

SWAGGER_SETTINGS = {

'SECURITY_DEFINITIONS': {
'api_key': {
    'type': 'apiKey',
    'in': 'header',
    'name': 'Authorization'
}
},

this will ask for token in browser while using that API.

Ankush Sahu
  • 578
  • 7
  • 13