删除特定URL路径的身份验证和权限 [英] remove authentication and permission for specific url path

问题描述

我正在与DRF合作，并且遇到了这个问题.我有一个第三方视图，我正在这样导入 urls.py 文件:

 从some_package导入some_viewurlpatterns = [路径('视图/'，some_view)] 

但是我面临的问题是因为我已经在我的 settings.py 中启用了默认权限类，如下所示:

  REST_FRAMEWORK = {'DEFAULT_AUTHENTICATION_CLASSES':('rest_framework.authentication.TokenAuthentication'，)，'DEFAULT_PERMISSION_CLASSES':('rest_framework.permissions.IsAuthenticated'，)，} 

现在，当我使用url调用该视图时，由于我不提供令牌，它会给我身份验证错误.有没有一种方法可以绕过身份验证错误而无需必须直接在视图中进行更改，我知道我们可以删除该特定视图的权限，但是为此，我将不得不对该 some_view 函数代码进行更改.但是我不想这样做，也就是说我们无法访问该功能，我们只能传递数据并接收响应.我如何绕过身份验证而不必更改该功能代码.我尝试搜索，但是找不到我想要的东西.

我以为我们可以通过urls.py做到这一点，例如指定任何参数或类似的东西，使特定视图绕过身份验证，而不必更改功能代码.

像这样的东西:

 从some_package导入some_viewurlpatterns = [path('view/'，some_view，"some_parameter")#从此处传递某个参数或类似的参数] 

我可能正在寻找什么?在此先感谢:)

解决方案

因此，第三方视图最合适的方法是通过在 urls.py 中定义装饰器来使用装饰器:

案例1

我认为 some_view 是从 rest_framework.views.APIView 继承的类:

urls.py

django.urls导入路径中的

 从rest_framework.decorators导入Permission_classes，authentication_classes从rest_framework.permissions导入AllowAny从some_package导入some_viewurlpatterns = [path(''，authentication_classes([])(permission_classes([AllowAny])(some_view)).as_view())] 

案例2

我假设 some_view 是一个简单的Django视图函数，您需要为 GET 方法定义它:

urls.py

django.urls导入路径中的

 从rest_framework.decorators导入api_view，Permission_classes，authentication_classes从rest_framework.permissions导入AllowAny从some_package导入some_viewurlpatterns = [path(''，api_view(['GET'])(authentication_classes([])(permission_classes([AllowAny])(some_view))))​​)] 

案例3

我假设 some_view 是装饰有 api_view 的DRF视图功能.这是最困难且最可能是最不可能的部分，因为您必须取消装饰以前的 api_view 装饰器.如果视图函数用 api_view 装饰，则它已经转换为Django视图函数，因此 permision_classes 和 authentication_classes 都不能追加到类:

I'm working with DRF and came across this issue. I have a third-party view which I'm importing in my urls.py file like this :

from some_package import some_view

urlpatterns = [
    path('view/',some_view)
]

but the issue I'm facing is since I have enabled default permission classes in my settings.py like this:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
               'rest_framework.authentication.TokenAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES':(
                'rest_framework.permissions.IsAuthenticated',
    ),

}

now when I call that view using the url , it gives me authentication error as I'm not providing token .Is there a way I can bypass authentication error without having to make changes in view directly,I know that we can remove permission for that particular view , but for that I'll have to make changes to that some_view function code. But I don't want to do that,let's say we don't have access to that function we can only pass data and receive response. How can I bypass authentication without having to change that functions code . I tried searching but couldn't find what I'm looking for.

I was assuming that there might be someway we can do that from urls.py like specifying any parameter or something like that which make that particular view to bypass authentication without having to change functions code.

somthing like this :

from some_package import some_view

    urlpatterns = [
        path('view/',some_view,"some_parameter") #passing someparameter from here or something like that
    ]

Is it possible what I'm looking for ? Thanks in advance :)

解决方案

So, the most appropriate way for third-party views is to use decorators by defining them inside your urls.py:

Case 1

I assume that some_view is a class inherited from rest_framework.views.APIView:

urls.py

from django.urls import path
from rest_framework.decorators import permission_classes, authentication_classes
from rest_framework.permissions import AllowAny

from some_package import some_view

urlpatterns = [
    path('', authentication_classes([])(permission_classes([AllowAny])(some_view)).as_view())
]

Case 2

I assume that some_view is a simple Django view function and you need to define it for GET method:

urls.py

from django.urls import path
from rest_framework.decorators import api_view, permission_classes, authentication_classes
from rest_framework.permissions import AllowAny

from some_package import some_view

urlpatterns = [
    path('', api_view(['GET'])(authentication_classes([])(permission_classes([AllowAny])(some_view))))
]

Case 3

I assume that some_view is an api_view decorated DRF view function. This is the hardest and most probably the most impossible part because you have to undecorate the previous api_view decorator. If view function is decorated with api_view, then it is already converted into Django view function so neither permision_classes nor authentication_classes can be appended to class:

这篇关于删除特定URL路径的身份验证和权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！