Devin Dixon
Reputation: 12383
Django permission_classes for access to route is not callable
I am trying to change the permissions to specific routes. Some routes I want to be open, other routes I want the user to be authenticated. My code is the following:
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.viewsets import GenericViewSet
class UserViewSet(GenericViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [IsAuthenticated]
renderer_classes = [JSONRenderer]
@action(url_path="an/api/path", detail=False, methods=["post"], renderer_classes=[JSONRenderer])
@api_view(['GET'])
@permission_classes((IsAuthenticated, ))
def get_stuff(self, request):
#Will get stuff
But I keep getting this error:
File "/code/api/views/UserViewSet.py", line 16, in <module>
api_1 | class UserViewSet(GenericViewSet):
api_1 | File "/code/api/views/UserViewSet.py", line 33, in UserViewSet
api_1 | @permission_classes((IsAuthenticated, ))
api_1 | TypeError: 'list' object is not callable
In my settings.py, I have:
REST_FRAMEWORK = {
"DEFAULT_PERMISSION_CLASSES": [
"rest_framework.permissions.IsAuthenticated",
],
"DEFAULT_AUTHENTICATION_CLASSES": [
"rest_framework_jwt.authentication.JSONWebTokenAuthentication",
"rest_framework.authentication.SessionAuthentication",
"rest_framework.authentication.BasicAuthentication",
],
"DEFAULT_RENDERER_CLASSES": (
"rest_framework.renderers.JSONRenderer",
)
Any idea why it keeps throwing list' object is not callable function?
Upvotes: 0
Views: 1900
Answers (2)
Trent
Reputation: 3103
The issue here is that without aliasing the name of the decorator, the class will think you're trying to use the internal property "permission_classes".
from rest_framework.decorators import api_view, permission_classes as view_permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.viewsets import GenericViewSet
class UserViewSet(GenericViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [IsAuthenticated]
renderer_classes = [JSONRenderer]
@action(url_path="an/api/path", detail=False, methods=["post"], renderer_classes=[JSONRenderer])
@api_view(['GET'])
@view_permission_classes((IsAuthenticated, ))
def get_stuff(self, request):
#Will get stuff
Upvotes: 0
chamoda
Reputation: 591
Remove permission_classes = [IsAuthenticated]. It overrides the decorator.
class UserViewSet(GenericViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
renderer_classes = [JSONRenderer]
@action(url_path="an/api/path", detail=False, methods=["post"], renderer_classes=[JSONRenderer])
@api_view(['GET'])
@permission_classes((IsAuthenticated, ))
def get_stuff(self, request):
#Will get stuff
Upvotes: 2
Related Questions
- Django DRF: @permission_classes not working
- Django Rest Framework permission_classes not working
- how to solve permission classes or logics that are not working
- Using a permission class on a detail route
- Setting different permission classes for POST and GET while using djangorestframework's default router
- permission_classes doesn't work whats going wrong?
- permission_classes doesn't work . where is problem?
- Django Rest Framework Custom Object Permission is not Called
- Permission class on @detail_route not working, Django Rest Framework
- has_object_permission not taken into account