我的settings.py
REST_FRAMEWORK = {
'UNICODE_JSON': True,
'NON_FIELD_ERRORS_KEY': '__all__',
'DEFAULT_AUTHENTICATION_CLASSES': (
# TODO(dmu) HIGH: Support OAuth or alike authentication
'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_RENDERER_CLASSES': (
'rest_framework.renderers.JSONRenderer',
),
'ALLOWED_VERSIONS': ['v1'],
'DEFAULT_VERSIONING_CLASS': 'rest_framework.versioning.NamespaceVersioning',
'TEST_REQUEST_DEFAULT_FORMAT': 'json',
'TEST_REQUEST_RENDERER_CLASSES': (
'rest_framework.renderers.JSONRenderer',
)
}
当我这样做时,我收到身份验证错误:
curl -X OPTIONS http://127.0.0.1:8000/api/passenger/v1/order/ | python -m json.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 58 0 58 0 0 469 0 --:--:-- --:--:-- --:--:-- 475
{
"detail": "Authentication credentials were not provided."
}
我希望我的服务器以“架构”描述进行响应而不需要身份验证。与此同时,我希望它像往常一样要求对GET,POST,PUT,PATCH和DELETE请求进行身份验证。
我怎样才能做到这一点?
我的解决方案
感谢Alasdair的想法。我个人使用这个解决方案:
from rest_framework.permissions import DjangoObjectPermissions
OPTIONS_METHOD = 'OPTIONS'
class DjangoObjectPermissionsOrOptions(DjangoObjectPermissions):
def has_permission(self, request, view):
if request.method == OPTIONS_METHOD:
return True
else:
return super(DjangoObjectPermissions, self).has_permission(request, view)
答案 0 :(得分:2)
Django rest框架附带一个权限类IsAuthenticatedOrReadOnly
,允许经过身份验证的用户执行任何请求,以及未经授权的用户发出GET,HEAD或OPTIONS请求。
您的用例非常相似,因此您可以尝试以下(未经测试):
@app.route('/update')
def update():
rightNow = int(time.time())
cur_id = int( request.args.get('id') )
cur_status = int( request.args.get('status') )
address_k = db.Key.from_path('Bear', str(cur_id))
address = db.get(address_k)
address.status = cur_status;
address.put()
return cur_id