seonghuhn
Reputation: 83
Why when I add @api_view to my view that I get a 403
I was following along with the Django REST Framework tutorial on Django 2.0, http://www.django-rest-framework.org/tutorial/2-requests-and-responses/. However when I add the @api_view decorator I get a 403 when I do a GET on the view.
GET /attendance/api/youths/
HTTP 403 Forbidden
Allow: OPTIONS, GET
Content-Type: application/json
Vary: Accept
{
"detail": "Invalid username/password."
}
This is my code.
@api_view(['GET'])
def youths_json(request, format=None):
youths = Youth.objects.filter(attending=True)
serializer = YouthSerializer(youths, many=True)
return Response(serializer.data)
When I add the AllowAny permission it still doesn't work.
@permission_classes((AllowAny, ))
Any ideas? I would like to get this to work and I would really like to use the ListAPIView.
Upvotes: 2
Views: 1049
Answers (2)
Minuddin Ahmed Rana
Reputation: 1144
You forgot to add authentication_classes. Add @authentication_classes() with necessary class. To allow user without authentication use empty tuple.
Upvotes: 2
Jason
Reputation: 11363
Order of decorators matters.
@api_view(['GET'])
@permission_classes((AllowAny, ))
def youths_json(request):
# code here
Upvotes: 1
Related Questions
- Django-rest-framework api permission AllowAny authentication failed
- Cannot access API view on post request using decorator [AllowAny]
- has_permission() missing 1 required positional argument: 'view'
- Rest API call returning forbidden
- permission doesn't work in view method [Django restframework]
- Rest framework permission for specific view
- Django view to call api
- Why my view is not found in django rest framework?
- Django view visible only to admin
- Unable to access Django REST view