permission to class some fields of ViewSet method Django rest framework

Question

I want AllowAny permission only for the retrieve function. In my ViewSets.

class PostLanguageViewSet(viewsets.ViewSet):

    permission_classes = (permissions.AllowAny,)

    permission_classes_per_method = {
        "retrieve": permission_classes
    }

    def retrieve(self, request, post_id=None, post_language_id=None, *args, **kwargs):
    ...

    def destroy(self, request, post_id=None, post_language_id=None, *args, **kwargs):
    ...

    def update(self, request, post_id=None, post_language_id=None, *args, **kwargs):
    ...

this method allows all function permission AllowAny.

gypark · Accepted Answer · 2022-10-05T08:31:54.137

3

try this

class PostLanguageViewSet(viewsets.ViewSet):
    def get_permissions(self):
        if self.request.method == 'GET':
            return [permissions.AllowAny()]
        else:
            return super().get_permissions()

edited Oct 05 '22 at 08:31

answered Oct 05 '22 at 07:37

gypark

251
1
8

Is there any other method to do the same things??? – MdHassan413 Oct 05 '22 at 07:52
Sorry. I only know this way. – gypark Oct 05 '22 at 07:58
This looks like a valid solution to your problem – Usoof Oct 05 '22 at 08:20
Sorry. I fixed the parameters of the get_permissions method. (self, request) -> (self) – gypark Oct 05 '22 at 08:32

score 3 · Answer 2 · answered Oct 06 '22 at 04:54

If you want to be specific to action and not method. You can check the action and apply the permission accordingly.

    class PostLanguageViewSet(viewsets.ViewSet):
        def get_permissions(self):
            if self.action == 'retrieve':
                return [permissions.AllowAny()]
            return super().get_permissions()

score 0 · Answer 3 · answered Oct 05 '22 at 07:35

0

You can use action decorator to achieve this this will override permissions and much more.

class PostLanguageViewSet(viewsets.ViewSet):
    permission_classes = [permissions.AnyOtherPermissionForOtherMethods]

    @action(
        methods=("GET",),
        url_path="get-language",
        url_name="get-language",
        detail=True,
        permission_classes=[
            permissions.AllowAny],
    )
    def retrive_language(self, request, post_id=None, post_language_id=None, *args, **kwargs):
        #Your Code

    def destroy(self, request, post_id=None, post_language_id=None, *args, **kwargs):
    ...

    def update(self, request, post_id=None, post_language_id=None, *args, **kwargs):
    ...
        ````

answered Oct 05 '22 at 07:35

Krishna Singhal

631
6
9

Not, Working... same ``` "detail": "Authentication credentials were not provided." ``` – MdHassan413 Oct 05 '22 at 07:50
Add authentication_classes=[] in action decorator and check – Krishna Singhal Oct 05 '22 at 07:57
Still getting... – MdHassan413 Oct 05 '22 at 08:04
please share code – Krishna Singhal Oct 05 '22 at 08:06

permission to class some fields of ViewSet method Django rest framework

3 Answers3