django rest framework没有认证没有权限

时间:2015-08-05 13:49:44

标签: python django rest django-rest-framework

我想在django rest框架中访问没有任何身份验证或权限的api。为了实现这一点,每当我进行下面的设置时,我都会出错。

环境:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (),
    'DEFAULT_AUTHENTICATION_CLASSES': (),
    'PAGE_SIZE': 10
}

错误:

TypeError at /endpoints/

'many' is an invalid keyword argument for this function

Request Method:     GET
Request URL:    http://localhost:9900/endponint/?format=api
Django Version:     1.8.3
Exception Type:     TypeError
Exception Value:    

'many' is an invalid keyword argument for this function

Exception Location:     /home/user/.virtualenvs/test/lib/python3.4/site-packages/django/db/models/base.py in __init__, line 480
Python Executable:  /home/user/.virtualenvs/test/bin/python
Python Version:     3.4.0
Python Path:    

['/home/user/Projects/test/new',
 '/home/user/.virtualenvs/test/lib/python3.4',
 '/home/user/.virtualenvs/test/lib/python3.4/plat-x86_64-linux-gnu',
 '/home/user/.virtualenvs/test/lib/python3.4/lib-dynload',
 '/usr/lib/python3.4',
 '/usr/lib/python3.4/plat-x86_64-linux-gnu',
 '/home/user/.virtualenvs/test/lib/python3.4/site-packages']

Server time:    Wed, 5 Aug 2015 13:46:35 +0000

Endpoint:


Request Method: GET
Request URL: http://localhost:9900/endpoint/?format=api

Django Version: 1.8.3
Python Version: 3.4.0
Installed Applications:
('django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'rest_framework',
 'app')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware')


Traceback:
File "/home/user/.virtualenvs/test/lib/python3.4/site-packages/django/core/handlers/base.py" in get_response
  132.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/user/.virtualenvs/test/lib/python3.4/site-packages/django/views/decorators/csrf.py" in wrapped_view
  58.         return view_func(*args, **kwargs)
File "/home/user/.virtualenvs/test/lib/python3.4/site-packages/rest_framework/viewsets.py" in view
  85.             return self.dispatch(request, *args, **kwargs)
File "/home/user/.virtualenvs/test/lib/python3.4/site-packages/rest_framework/views.py" in dispatch
  456.             response = self.handle_exception(exc)
File "/home/user/.virtualenvs/test/lib/python3.4/site-packages/rest_framework/views.py" in dispatch
  453.             response = handler(request, *args, **kwargs)
File "/home/user/.virtualenvs/test/lib/python3.4/site-packages/rest_framework/mixins.py" in list
  43.             serializer = self.get_serializer(page, many=True)
File "/home/user/.virtualenvs/test/lib/python3.4/site-packages/rest_framework/generics.py" in get_serializer
  109.         return serializer_class(*args, **kwargs)
File "/home/user/.virtualenvs/test/lib/python3.4/site-packages/django/db/models/base.py" in __init__
  480.                 raise TypeError("'%s' is an invalid keyword argument for this function" % list(kwargs)[0])

Exception Type: TypeError at /endpoints/
Exception Value: 'many' is an invalid keyword argument for this function

但是当我使用以下设置时,它可以工作,但要求提供身份验证凭据。

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
    'DEFAULT_AUTHENTICATION_CLASSES': (),
    'PAGE_SIZE': 10
}

请告诉我如何在没有任何凭据的情况下访问其他api。

我正在运行django 1.8 djangorestframework 3.1

3 个答案:

答案 0 :(得分:4)

您可以使用DJR的以下设置:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.AllowAny',),
    'DEFAULT_AUTHENTICATION_CLASSES': ('rest_framework.authentication.SessionAuthentication',),
}

AllowAny权限并不是真的需要,但我认为在配置中明确定义该行为是一种好习惯。

答案 1 :(得分:2)

在定义'serializer_class'属性

时,在视图中使用模型类时会发生此错误

答案 2 :(得分:1)

您可以在权限类中使用AllowAny权限,并在DRF设置中将身份验证类保持为空。

执行此操作将允许在不使用任何身份验证方案的情况下无限制地访问API。

根据AllowAny权限类的DRF文档:

  

AllowAny权限类允许不受限制的访问权限,   无论请求是经过身份验证还是未经身份验证。

REST_FRAMEWORK = {
    ...    
    'DEFAULT_AUTHENTICATION_CLASSES': (), # no authentication classes
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.AllowAny', # will allow unrestricted access
    ),
}
相关问题
最新问题