Reputation: 131
Cannot apply DjangoModelPermissions when rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly is enabled
I am trying to make MongoEngine work with Django REST framework. By following this link Getting mongoengine and django rest framework to play nice, I manage to get everything working, but have to disable "PERMISSION CLASSES" in REST framework, like below
'DEFAULT_PERMISSION_CLASSES': [
#'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
]
Otherwise, I get this error "Cannot apply DjangoModelPermissions on a view that does not have .model or .queryset property.". The reason seems to be that the returned value from "Collection.objects" or "Collection.objects.all()" can not pass "has_permission" function in permission.py in REST framework.
Could anyone help to look at this?
Upvotes: 4
Views: 4689
Answers (3)
Reputation: 11
As per Django REST docs:
This permission class ties into Django's standard django.contrib.auth model permissions. This permission must only be applied to views that have a .queryset property or get_queryset() method.
This means that on your view, you must have the queryset properly set, e.g:
queryset = SampleModel.objects.all()
Best approach will be to authenticate at a view-base level. So your view must look like this:
from rest_framework.views import APIView
from rest_framework.permissions import DjangoModelPermissionsOrAnonReadOnly
class SampleAPIView(APIView):
queryset = SampleModel.objects.all()
serializer_class = SampleSerializer
permission_classes = [DjangoModelPermissionsOrAnonReadOnly,]
And just in case you are using JWT authentication, you just need to add this to settings.py:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_simplejwt.authentication.JWTAuthentication',
)
}
Upvotes: 1
Reputation: 159
In your views.py import the following models:
from rest_framework.permissions import AllowAny
from rest_framework.decorators import api_view, permission_classes
Before declaring the function (the view function) add:
@api_view(['GET', 'POST'])
@permission_classes((AllowAny, ))
or
@api_view(['GET', 'PUT', 'DELETE'])
@permission_classes((AllowAny, ))
Upvotes: 5
Reputation: 159
Or you can just add:
from rest_framework import permissions
and in the view classes add
permission_classes = (permissions.IsAuthenticatedOrReadOnly,)
Upvotes: 7
Related Questions
- DjangoModelPermissions is not working for view level permission in my API application
- Django rest framework : custom object permissions doesn't work
- django rest framework permission 'isAdminorReadonly'
- Django Rest Framework DjangoModelPermissions not working properly
- django rest model permissions
- django rest framework - object permission does not trigger
- has_object_permission not taken into account
- Django REST Framework - Custom Permissions not Evaluating
- AssertionError: Cannot apply DjangoModelPermissions on a view that does not have `.model` or `.queryset` property
- django rest framework has_object_permission raising PermissionDenied exception