Clever Geek Handbook

Django Swagger doesn't show urls without permission.

I am creating Django-rest-swagger for my project. I have the following settings for Django-restframework.

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oauth2_provider.contrib.rest_framework.OAuth2Authentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

Now that I have a View with some permission class like this

class CreateUserView(viewsets.ModelViewSet):
    serializer_class = UserServiceSerializer
    authentication_classes = []
    permission_classes = []

class UserProfileView(viewsets.ModelViewSet):

    serializer_class = UserProfileSerializer
    serializer_class_2 = UserServiceSerializer

I see the following view

enter image description here

But when add permission_classes

in both kinds like this

class CreateUserView(viewsets.ModelViewSet):
    serializer_class = UserServiceSerializer
    authentication_classes = []
    permission_classes = []

class UserProfileView(viewsets.ModelViewSet):

    serializer_class = UserProfileSerializer
    serializer_class_2 = UserServiceSerializer
    permission_classes = []

I see a view like this

enter image description here

I don't want to add a permission class in every view as I have one class for my entire view and I mentioned this in my rest-framework setup setup. How can i do this?

+4


source to share


2 answers


When you set permission_classes

as []

, you clear the default permission classes for that view.

From corsa, you can set this default behavior for all views:

REST_FRAMEWORK = {
    # ...
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny',
    ),
}


But be careful, in this case any unauthorized user can create records in your database.

If you don't want this, but want to see all the actions, just click the button Authorize

in Swagger and enter your token or username and password (depends on SECURITY_DEFINITIONS

.)

+1


source


It looks like you have applied the default permission classes to make the API not public, so one way to overcome this is to apply "AllowAny" as the default permission class, but that way all your APIs will be public, so another solution you can try is to set the swagger option in you settings.py

SWAGGER_SETTINGS = {

'SECURITY_DEFINITIONS': {
'api_key': {
    'type': 'apiKey',
    'in': 'header',
    'name': 'Authorization'
}
},


this will ask for a token in the browser when using this API.

0


source






More articles:


All Articles