CODEWITHSUNDEEP
djangoauthenticationdjango-rest-frameworkdjango-viewsdjango-authentication
Pranava Mohan
Pranava Mohan

Reputation: 631

Django Rest Framework permissions outside Rest Framework view

I am using Rest Framework Token authentication. Which means I cannot know if a user is authenticated outside a rest framework view eg:(A regular django view). The Rest Framework token authentication is a custom auth system which can only be used in a rest framework view.

In a normal rest framework view, I can restrict the endpoint for authenticated users by using this:

class ExampleView(APIView):
    permission_classes = [IsAuthenticated]

    def get(self, request, format=None):
        content = {
            'status': 'request was permitted'
        }
        return Response(content)

But how will I do that for a regular django view. eg:

def someDjangoView(request):
    '''
    Note that I cannout use request.user.is_authenticated.
    It will always return false as I am using rest framework token authentication.
    Which means the request parameter should be of rest framework's and not django's built-in.
    '''
    
    content = {"detail": "Only authenticated users should access this"}
    
    return JsonResponse(content)

I am stuck in a situation where I have to know if a user is authenticated (custom auth) outside a rest framework view.

Is there any way to do that?

Upvotes: 1

Views: 630

Answers (2)

sytech
sytech

Reputation: 40961

DRF builds on top of the builtin Django contrib.auth user auth system. So, for regular django views, you can use the regular methods provided by contrib.auth.

DRF also supports session-based authentication (usually the default when using contrib.auth). This is ideal, for example, when you have some JavaScript code running in the browser with the user's session.

Note that I cannout use request.user.is_authenticated. It will always return false as I am using rest framework token authentication

If you are using rest framework token authentication, then you must use views that are compatible with that. request.user.is_authenticated is part of the contrib.auth system built into django. However, you must authenticate a user for this to be True. Rest Framework does this for you. If you're not using the rest framework, you must auth the user yourself!

A simple answer may be to decorate your views to make them utilize the rest framework authentication you define:

@api_view(['GET'])
@authentication_classes(...) # if defaults are not applied
@permission_classes(...) # to apply permissions you need
def view(request):
    return Response({"message": "Hello for today! See you tomorrow!"})

Upvotes: 1

Brian Destura
Brian Destura

Reputation: 12068

You can use the api_view decorator to your function-based view to enable DRF:

from rest_framework.decorators import api_view, authentication_classes


@api_view(http_method_names=['GET', 'POST'])
@authentication_classes([YourTokenAuthenticationClass])
def someDjangoView(request):
    print(request.user)
    ...
    return JsonResponse(content)

Upvotes: 1

Related Questions