我正在使用
rest_framework_jwt.authentication.JSONWebTokenAuthentication
用于我的REST API。这适用于身份验证,但对于我的技能视图,即使我没有传递任何身份验证令牌,我也可以访问REST端点。
如何对我的技能API进行身份验证。我也是Django的新手所以在用户视图中我确实有一个类,但对于我的Skill视图,我没有找到一个正确的示例来创建一个类。
请帮助我。
我有以下视图文件:
from rest_framework.permissions import IsAuthenticated
@api_view(['GET'])
def skill_collection(request):
if request.method == 'GET':
skills = Skill.objects.all()
serializer = SkillSerializer(skills, many=True)
return Response(serializer.data)
@api_view(['GET'])
def skill_element(request, pk):
try:
skill = Skill.objects.get(pk=pk)
except Skill.DoesNotExist:
return HttpResponse(status=404)
if request.method == 'GET':
serializer = SkillSerializer(skill)
return Response(serializer.data)
网址文件:
urlpatterns = [
path('admin/', admin.site.urls),
url(r'^rest-auth/', include('rest_auth.urls')),
url(r'^rest-auth/registration/', include('rest_auth.registration.urls')),
url(r'^rest-auth/login/', include('rest_auth.registration.urls')),
url(r'^refresh-token/', refresh_jwt_token),
url(r'^user/$', DetailsView.as_view(), name='rest_user_details'),
url(r'^', include('api.urls')),
url(r'^api/v1/skills/$', wantedly_app_views.skill_collection),
url(r'^api/v1/skills/(?P<pk>[0-9]+)$', wantedly_app_views.skill_element)
]
答案 0 :(得分:0)
我可以通过在settings.py
中添加以下权限来添加JWT身份验证'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
如果这是正确的,请评论