Django REST: difference between permission classes and authentication classes
There is one last thing I'm a little confused about in Django REST framework, and that's the difference between permission classes and authentication classes.
This is my settings.py:
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAdminUser',
    ),
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
    ),
    'PAGINATE_BY': 10
}
And in my view I have the following:
from rest_framework import generics, permissions

class ProfileList(generics.ListCreateAPIView):
    """
    API endpoint that represents a list of users.
    """
    permission_classes = (permissions.IsAdminUser,)
    model = Profile
    serializer_class = ProfileSerializer

    def pre_save(self, obj):
        # Record the requesting user as the owner of the new object.
        obj.owner = self.request.user
What I assumed would happen with the above is that admin users had access to the browsable API, while a user with a valid token could still make a JSON request. However, that is not the case: IsAuthenticated seems to give them access, but it still allows users to access the online version when logged in.
I want users with a valid token to have access, and admin users to have permission to view the online API version with sessions. Is that possible?
Thanks.
I want users with a valid token to have access, and admin users to have permission to view the online API version with sessions. Is that possible?
The first thing worth noting is that the browsable API won't give users any more permissions than they'd have if you only rendered JSON. It's just a much nicer view onto the API endpoints. Typically you'd want to expose the browsable API to end-developers, as it makes developing against the API easier.
If you want to hide it from everyone except admin users, here are 2 approaches you could take:
1. Override the get_renderers() method on the view (briefly documented here). You can check self.request.user.is_staff, and include the browsable API renderer only if it's an admin user.
2. Subclass the browsable API renderer and override .render() (e.g. see here). You can get the incoming request using renderer_context['request'], and render standard JSON if it's not an admin user.
django django-rest-framework