Tastypie:GET身份验证和POST匿名 [英] Tastypie : Authentication for GET and Anonymous for POST
问题描述
我使用Django/Tastypie管理我的用户集合.
I use Django/Tastypie to manage my user collection.
是否可以允许匿名用户在API中进行POST(在某个终结点上创建新用户时),并将经过身份验证的用户限制为仅获取其自己的用户,而不是所有用户?
Is it possible to allow anonymous users to POST in the API (when creating a new user at some endpoint) and restrict authenticated users to GET only their own user, but not all the users ?
感谢您的帮助.
推荐答案
我发现最简单的方法是继承我正在使用的Authentication类.当方法为POST时,只需重写is_authenticated
方法以返回True
.
I found the easiest thing to do was subclass the Authentication class I'm using. Just override the is_authenticated
method to return True
when the method is POST.
class AnonymousPostAuthentication(BasicAuthentication):
""" No auth on post / for user creation """
def is_authenticated(self, request, **kwargs):
""" If POST, don't check auth, otherwise fall back to parent """
if request.method == "POST":
return True
else:
return super(AnonymousPostAuthentication, self).is_authenticated(request, **kwargs)
我将验证放入Validation
的子类中,并覆盖了is_valid
.
I put my validation in a subclass of Validation
and override is_valid
.
我执行GET过滤的方式与上述Sampson相同.
I do the GET filtering the same way Sampson does it above.
这篇关于Tastypie:GET身份验证和POST匿名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!