Adding permissions to a django rest api

Question

I am working on a django rest api and i want to add permission to it . I decided to go with IsAuthenticatedOrReadOnly to allow none authenticated people to read only and allow authenticated people to add data

setting.py:

REST_FRAMEWORK = {

    'DEFAULT_PERMISSION_CLASSES': [

        'rest_framework.permissions.IsAuthenticated',
    ]}

views.py:

@api_view(['GET','POST'])

@permission_classes([IsAuthenticatedOrReadOnly])

def list_drinks(request, format=none):
  
   if request.method ==  'GET':

        drinks = Drink.objects.all()

        serializer = DrinkSerializer(drinks, many=True)

        return Response(serializer.data)

    if request.method == 'POST':

        serializer = DrinkSerializer(data=request.data)

        if serializer.is_valid():

            serializer.save()

            return Response(serializer.data, status=status.HTTP_201_CREATED)

when i try to access the api without authentification, i can only read but when i try to do a modification while adding a username and a password, i get the message "detail": "You do not have permission to perform this action." even though i am authenticated as admin (a superuser)

what's the problem?

Did you set the `DEFALUT_AUTHENTICATION_CLASS` attribute in the `REST_FRAMEWORK ` object in settings.py file? — Metalgear, Aug 15 '22 at 12:50

score 0 · Answer 1 · answered Aug 16 '22 at 03:49

Make sure you have the necessary authentication classes in your REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"] settings.

For basic authentication add "rest_framework.authentication.BasicAuthentication" to the list.

If you are using the browsable API you need to add session authentication "rest_framework.authentication.SessionAuthentication"

Adding permissions to a django rest api

1 Answers1