learner

Reputation: 59

Custom Authorization class in Django Tastypie

I used the following Custom Authorization class

from tastypie.authorization import DjangoAuthorization
from tastypie.exceptions import Unauthorized

class CustomDjangoAuthorization(DjangoAuthorization):
    def read_detail(self, object_list, bundle):
        # run Tastypie's stock model-permission check first
        result = super(CustomDjangoAuthorization, self).read_detail(object_list, bundle)
        # now we check here for specific permission
        if bundle.request.user.profile.user_status:
            raise Unauthorized("You are not allowed to access that resource.")
        return result

It gives

401 Unauthorized

when the user_status = 1. But when I change the user_status to 0, it still shows

401 Unauthorized

error.

My understanding was that for each request, tastypie checks Authorization and gives a 200 response for OK and 401 for Unauthorized. Am I missing something here?

Hey Sean, I tried moving custom code before super. I get a

AttributeError: 'AnonymousUser' object has no attribute 'profile'

Everything is working on localhost; production is giving a problem. This happens in both cases, when user_status = 1 and when user_status = 0.

Using Django 1.8 and Tastypie 0.13.3.

Upvotes: 1

Views: 355

Answers (3)

learner

Reputation: 59

@Sean Hayes is right, my user was logged out. I am using a custom url and didn't know that it didn't take my APIAuthentication by default.

I had to add self.is_authenticated(request) in my custom method for it to work.

Upvotes: 1

Tomasz Jakub Rup

Reputation: 10680

Based on your code and symptoms, I guess you have bad authorization details. Check your username and api_key. Probably you have a typo, or you are using local authorization details in production.

Upvotes: 0

Seán Hayes

Reputation: 4360

Move your custom code before the call to super(), and add a check to see if the user is anonymous:

from tastypie.authorization import DjangoAuthorization
from tastypie.exceptions import Unauthorized

class CustomDjangoAuthorization(DjangoAuthorization):
    def read_detail(self, object_list, bundle):
        # check here for specific permission; an anonymous user has no profile,
        # so the is_authenticated() check has to come first
        if (not bundle.request.user.is_authenticated()) or bundle.request.user.profile.user_status:
            raise Unauthorized("You are not allowed to access that resource.")
        result = super(CustomDjangoAuthorization, self).read_detail(object_list, bundle)
        return result

You were getting AttributeError: 'AnonymousUser' object has no attribute 'profile' because your user was logged out, so request.user was an AnonymousUser, therefore no profile.

Upvotes: 0
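An added example, not code from the question or either answer, contrasting the question's ordering (super() first) with the answer's ordering, and adding a fail-closed check for a missing profile so the hook raises Unauthorized rather than an uncaught AttributeError. Django and Tastypie are not imported: the user, request and bundle objects are constructed stand-ins with only the attributes the thread relies on, and BaseAuthorization is an assumed stand-in for DjangoAuthorization that always allows.

```python
from types import SimpleNamespace


class Unauthorized(Exception):
    """Stand-in for tastypie.exceptions.Unauthorized (Tastypie answers it with 401)."""


class BaseAuthorization:
    """Assumed stand-in for DjangoAuthorization: always allows the read here."""
    def read_detail(self, object_list, bundle):
        return True


class OriginalAuthorization(BaseAuthorization):
    """Ordering from the question: parent check first, then the profile check."""
    def read_detail(self, object_list, bundle):
        result = super().read_detail(object_list, bundle)
        if bundle.request.user.profile.user_status:   # AttributeError for AnonymousUser
            raise Unauthorized("You are not allowed to access that resource.")
        return result


class HardenedAuthorization(BaseAuthorization):
    """Answer's ordering, plus fail-closed handling when the profile is missing."""
    def read_detail(self, object_list, bundle):
        user = bundle.request.user
        if not user.is_authenticated():              # method form, as in Django 1.8
            raise Unauthorized("Authentication required.")
        profile = getattr(user, "profile", None)
        if profile is None or profile.user_status:
            raise Unauthorized("You are not allowed to access that resource.")
        return super().read_detail(object_list, bundle)


# Constructed stand-ins: AnonymousUser has no 'profile' attribute at all.
ANONYMOUS = SimpleNamespace(is_authenticated=lambda: False)


def member(user_status):
    return SimpleNamespace(is_authenticated=lambda: True,
                           profile=SimpleNamespace(user_status=user_status))


def status_code(authorization, user):
    """Outcome the client sees: 200 allowed, 401 Unauthorized, 500 for an uncaught error."""
    bundle = SimpleNamespace(request=SimpleNamespace(user=user))
    try:
        authorization.read_detail([], bundle)
        return 200
    except Unauthorized:
        return 401
    except AttributeError:
        return 500
```

The 500 case is the AttributeError path the question reports for a logged-out user; the hardened hook turns it into an explicit 401.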
