Tastypie:GET身份验证和POST匿名 [英] Tastypie : Authentication for GET and Anonymous for POST

问题描述

我使用Django/Tastypie管理我的用户集合.

I use Django/Tastypie to manage my user collection.

是否可以允许匿名用户在API中进行POST(在某个终结点上创建新用户时)，并将经过身份验证的用户限制为仅获取其自己的用户，而不是所有用户?

Is it possible to allow anonymous users to POST in the API (when creating a new user at some endpoint) and restrict authenticated users to GET only their own user, but not all the users ?

感谢您的帮助.

推荐答案

我发现最简单的方法是继承我正在使用的Authentication类.当方法为POST时，只需重写is_authenticated方法以返回True.

I found the easiest thing to do was subclass the Authentication class I'm using. Just override the is_authenticated method to return True when the method is POST.

class AnonymousPostAuthentication(BasicAuthentication):
    """ No auth on post / for user creation """

    def is_authenticated(self, request, **kwargs):
        """ If POST, don't check auth, otherwise fall back to parent """

        if request.method == "POST":
            return True
        else:
            return super(AnonymousPostAuthentication, self).is_authenticated(request, **kwargs)

我将验证放入Validation的子类中，并覆盖了is_valid.

I put my validation in a subclass of Validation and override is_valid.

我执行GET过滤的方式与上述Sampson相同.

I do the GET filtering the same way Sampson does it above.

这篇关于Tastypie:GET身份验证和POST匿名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！