author: Marko Tibold, 2012-01-02 18:12:22 +0100
committer: Marko Tibold, 2012-01-02 18:12:22 +0100
commit: 9871532746aee7e0f5796ae24cfb44c878759c38 (patch)
tree: f506bec7abb59a3246936eac4bd687dab29aa450
parent: 412727440beb678ba3beef78ee0b934d412afe64 (diff)
download: django-rest-framework-9871532746aee7e0f5796ae24cfb44c878759c38.tar.bz2
Added an example of how to use authentication and throttling.
-rw-r--r-- docs/examples/permissions.rst 66
1 files changed, 66 insertions, 0 deletions
diff --git a/docs/examples/permissions.rst b/docs/examples/permissions.rst
new file mode 100644
index 00000000..cfd7b446
--- /dev/null
+++ b/docs/examples/permissions.rst
@@ -0,0 +1,66 @@
+Permissions
+===========
+
+This example will show how you can protect your api by using authentication
+and how you can limit the amount of requests a user can do to a resource by setting
+a throttle to your view.
+
+Authentication
+--------------
+
+If you want to protect your api from unauthorized users, Django REST Framework
+offers you two default authentication methods:
+
+ * Basic Authentication
+ * Django's session-based authentication
+
+These authentication methods are by default enabled. But they are not used unless
+you specifically state that your view requires authentication.
+
+To do this you just need to import the `Isauthenticated` class from the frameworks' `permissions` module.::
+
+ from djangorestframework.permissions import IsAuthenticated
+
+Then you enable authentication by setting the right 'permission requirement' to the `permissions` class attribute of your View like
+the example View below.:
+
+
+.. literalinclude:: ../../examples/permissionsexample/views.py
+ :pyobject: LoggedInExampleView
+
+The `IsAuthenticated` permission will only let a user do a 'GET' if he is authenticated. Try it
+yourself on the live sandbox__
+
+__ http://rest.ep.io/permissions-example/loggedin
+
+
+Throttling
+----------
+
+If you want to limit the amount of requests a client is allowed to do on
+a resource, then you can set a 'throttle' to achieve this.
+
+For this to work you'll need to import the `PerUserThrottling` class from the `permissions`
+module.::
+
+ from djangorestframework.permissions import PerUserThrottling
+
+In the example below we have limited the amount of requests one 'client' or 'user'
+may do on our view to 10 requests per minute.:
+
+.. literalinclude:: ../../examples/permissionsexample/views.py
+ :pyobject: ThrottlingExampleView
+
+Try it yourself on the live sandbox__.
+
+__ http://rest.ep.io/permissions-example/throttling
+
+Now if you want a view to require both aurhentication and throttling, you simply declare them
+both::
+
+ permissions = (PerUserThrottling, Isauthenticated)
+
+To see what other throttles are available, have a look at the :doc:`../library/permissions` module.
+
+If you want to implement your own authentication method, then refer to the :doc:`../library/authentication`
+module.
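Review bot: The class name is spelled `Isauthenticated` in the Authentication prose and again in the combined snippet `permissions = (PerUserThrottling, Isauthenticated)`, while the import line uses `IsAuthenticated`; a reader who copies the tuple as written gets a NameError, so both places should read `IsAuthenticated`. In the sentence introducing that tuple, "aurhentication" should be "authentication". The paragraph saying the authentication methods are enabled by default but not used unless the view requires authentication is the security-relevant part of this page, and it would help to state outright that a view which does not list `IsAuthenticated` in `permissions` answers unauthenticated requests. The sentence about only letting a user do a 'GET' when authenticated leaves it unclear whether other methods on the view are covered; please say so either way. Minor reST points: the `.::` and `.:` paragraph endings render a period followed by a colon, so drop the period, and "frameworks'" should be "framework's".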