| author | Tom Christie | 2013-11-18 15:50:29 +0000 | 
|---|---|---|
| committer | Tom Christie | 2013-11-18 15:50:29 +0000 | 
| commit | b907a4448572e3c48137e983248fb7411246563a (patch) | |
| tree | 9e2c56d0b5464dbb3a4c99b91a1a71910c1b3076 /tutorial/4-authentication-and-permissions.html | |
| parent | 961002854e202bb7017b38416a4e521850d4b20a (diff) | |
| download | django-rest-framework-b907a4448572e3c48137e983248fb7411246563a.tar.bz2 | |
Remove .html suffixes
Diffstat (limited to 'tutorial/4-authentication-and-permissions.html')
| -rw-r--r-- | tutorial/4-authentication-and-permissions.html | 94 | 
1 files changed, 49 insertions, 45 deletions
| diff --git a/tutorial/4-authentication-and-permissions.html b/tutorial/4-authentication-and-permissions.html index 5ce9c149..bde22d77 100644 --- a/tutorial/4-authentication-and-permissions.html +++ b/tutorial/4-authentication-and-permissions.html @@ -4,6 +4,7 @@      <meta charset="utf-8">      <title>Django REST framework - Tutorial 4: Authentication & Permissions</title>      <link href="http://django-rest-framework.org/img/favicon.ico" rel="icon" type="image/x-icon"> +    <link rel="canonical" href="http://django-rest-framework.org/tutorial/4-authentication-and-permissions"/>      <meta name="viewport" content="width=device-width, initial-scale=1.0">      <meta name="description" content="Django, API, REST, Tutorial 4: Authentication & Permissions">      <meta name="author" content="Tom Christie"> @@ -41,8 +42,8 @@        <div class="navbar-inner">          <div class="container-fluid">              <a class="repo-link btn btn-primary btn-small" href="https://github.com/tomchristie/django-rest-framework/tree/master">GitHub</a> -            <a class="repo-link btn btn-inverse btn-small " href="../tutorial/5-relationships-and-hyperlinked-apis.html">Next <i class="icon-arrow-right icon-white"></i></a> -            <a class="repo-link btn btn-inverse btn-small " href="../tutorial/3-class-based-views.html"><i class="icon-arrow-left icon-white"></i> Previous</a> +            <a class="repo-link btn btn-inverse btn-small " href="../tutorial/5-relationships-and-hyperlinked-apis">Next <i class="icon-arrow-right icon-white"></i></a> +            <a class="repo-link btn btn-inverse btn-small " href="../tutorial/3-class-based-views"><i class="icon-arrow-left icon-white"></i> Previous</a>              <a class="repo-link btn btn-inverse btn-small" href="#searchModal" data-toggle="modal"><i class="icon-search icon-white"></i> Search</a>            <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">              <span class="icon-bar"></span> 
@@ -56,56 +57,56 @@                <li class="dropdown">                  <a href="#" class="dropdown-toggle" data-toggle="dropdown">Tutorial <b class="caret"></b></a>                  <ul class="dropdown-menu"> -                  <li><a href="http://django-rest-framework.org/tutorial/quickstart.html">Quickstart</a></li> -                  <li><a href="http://django-rest-framework.org/tutorial/1-serialization.html">1 - Serialization</a></li> -                  <li><a href="http://django-rest-framework.org/tutorial/2-requests-and-responses.html">2 - Requests and responses</a></li> -                  <li><a href="http://django-rest-framework.org/tutorial/3-class-based-views.html">3 - Class based views</a></li> -                  <li><a href="http://django-rest-framework.org/tutorial/4-authentication-and-permissions.html">4 - Authentication and permissions</a></li> -                  <li><a href="http://django-rest-framework.org/tutorial/5-relationships-and-hyperlinked-apis.html">5 - Relationships and hyperlinked APIs</a></li> -                  <li><a href="http://django-rest-framework.org/tutorial/6-viewsets-and-routers.html">6 - Viewsets and routers</a></li> +                  <li><a href="http://django-rest-framework.org/tutorial/quickstart">Quickstart</a></li> +                  <li><a href="http://django-rest-framework.org/tutorial/1-serialization">1 - Serialization</a></li> +                  <li><a href="http://django-rest-framework.org/tutorial/2-requests-and-responses">2 - Requests and responses</a></li> +                  <li><a href="http://django-rest-framework.org/tutorial/3-class-based-views">3 - Class based views</a></li> +                  <li><a href="http://django-rest-framework.org/tutorial/4-authentication-and-permissions">4 - Authentication and permissions</a></li> +                  <li><a href="http://django-rest-framework.org/tutorial/5-relationships-and-hyperlinked-apis">5 - Relationships and hyperlinked APIs</a></li> +                  
<li><a href="http://django-rest-framework.org/tutorial/6-viewsets-and-routers">6 - Viewsets and routers</a></li>                  </ul>                </li>                <li class="dropdown">                  <a href="#" class="dropdown-toggle" data-toggle="dropdown">API Guide <b class="caret"></b></a>                  <ul class="dropdown-menu"> -                  <li><a href="http://django-rest-framework.org/api-guide/requests.html">Requests</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/responses.html">Responses</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/views.html">Views</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/generic-views.html">Generic views</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/viewsets.html">Viewsets</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/routers.html">Routers</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/parsers.html">Parsers</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/renderers.html">Renderers</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/serializers.html">Serializers</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/fields.html">Serializer fields</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/relations.html">Serializer relations</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/authentication.html">Authentication</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/permissions.html">Permissions</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/throttling.html">Throttling</a></li> -                  <li><a 
href="http://django-rest-framework.org/api-guide/filtering.html">Filtering</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/pagination.html">Pagination</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/content-negotiation.html">Content negotiation</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/format-suffixes.html">Format suffixes</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/reverse.html">Returning URLs</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/exceptions.html">Exceptions</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/status-codes.html">Status codes</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/testing.html">Testing</a></li> -                  <li><a href="http://django-rest-framework.org/api-guide/settings.html">Settings</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/requests">Requests</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/responses">Responses</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/views">Views</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/generic-views">Generic views</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/viewsets">Viewsets</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/routers">Routers</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/parsers">Parsers</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/renderers">Renderers</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/serializers">Serializers</a></li> +                  <li><a 
href="http://django-rest-framework.org/api-guide/fields">Serializer fields</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/relations">Serializer relations</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/authentication">Authentication</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/permissions">Permissions</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/throttling">Throttling</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/filtering">Filtering</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/pagination">Pagination</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/content-negotiation">Content negotiation</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/format-suffixes">Format suffixes</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/reverse">Returning URLs</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/exceptions">Exceptions</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/status-codes">Status codes</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/testing">Testing</a></li> +                  <li><a href="http://django-rest-framework.org/api-guide/settings">Settings</a></li>                  </ul>                </li>                <li class="dropdown">                  <a href="#" class="dropdown-toggle" data-toggle="dropdown">Topics <b class="caret"></b></a>                  <ul class="dropdown-menu"> -                  <li><a href="http://django-rest-framework.org/topics/documenting-your-api.html">Documenting your API</a></li> -                  <li><a href="http://django-rest-framework.org/topics/ajax-csrf-cors.html">AJAX, CSRF & CORS</a></li> - 
                 <li><a href="http://django-rest-framework.org/topics/browser-enhancements.html">Browser enhancements</a></li> -                  <li><a href="http://django-rest-framework.org/topics/browsable-api.html">The Browsable API</a></li> -                  <li><a href="http://django-rest-framework.org/topics/rest-hypermedia-hateoas.html">REST, Hypermedia & HATEOAS</a></li> -                  <li><a href="http://django-rest-framework.org/topics/rest-framework-2-announcement.html">2.0 Announcement</a></li> -                  <li><a href="http://django-rest-framework.org/topics/2.2-announcement.html">2.2 Announcement</a></li> -                  <li><a href="http://django-rest-framework.org/topics/2.3-announcement.html">2.3 Announcement</a></li> -                  <li><a href="http://django-rest-framework.org/topics/release-notes.html">Release Notes</a></li> -                  <li><a href="http://django-rest-framework.org/topics/credits.html">Credits</a></li> +                  <li><a href="http://django-rest-framework.org/topics/documenting-your-api">Documenting your API</a></li> +                  <li><a href="http://django-rest-framework.org/topics/ajax-csrf-cors">AJAX, CSRF & CORS</a></li> +                  <li><a href="http://django-rest-framework.org/topics/browser-enhancements">Browser enhancements</a></li> +                  <li><a href="http://django-rest-framework.org/topics/browsable-api">The Browsable API</a></li> +                  <li><a href="http://django-rest-framework.org/topics/rest-hypermedia-hateoas">REST, Hypermedia & HATEOAS</a></li> +                  <li><a href="http://django-rest-framework.org/topics/rest-framework-2-announcement">2.0 Announcement</a></li> +                  <li><a href="http://django-rest-framework.org/topics/2.2-announcement">2.2 Announcement</a></li> +                  <li><a href="http://django-rest-framework.org/topics/2.3-announcement">2.3 Announcement</a></li> +                  <li><a 
href="http://django-rest-framework.org/topics/release-notes">Release Notes</a></li> +                  <li><a href="http://django-rest-framework.org/topics/credits">Credits</a></li>                  </ul>                </li>              </ul> @@ -263,7 +264,10 @@ class UserSerializer(serializers.ModelSerializer):  </code></pre>  <p>Because <code>'snippets'</code> is a <em>reverse</em> relationship on the User model, it will not be included by default when using the <code>ModelSerializer</code> class, so we needed to add an explicit field for it.</p>  <p>We'll also add a couple of views to <code>views.py</code>.  We'd like to just use read-only views for the user representations, so we'll use the <code>ListAPIView</code> and <code>RetrieveAPIView</code> generic class based views.</p> -<pre class="prettyprint lang-py"><code>class UserList(generics.ListAPIView): +<pre class="prettyprint lang-py"><code>from django.contrib.auth.models import User + + +class UserList(generics.ListAPIView):      queryset = User.objects.all()      serializer_class = UserSerializer 
@@ -347,7 +351,7 @@ class IsOwnerOrReadOnly(permissions.BasePermission):  </code></pre>  <p>Now, if you open a browser again, you find that the 'DELETE' and 'PUT' actions only appear on a snippet instance endpoint if you're logged in as the same user that created the code snippet.</p>  <h2 id="authenticating-with-the-api">Authenticating with the API</h2> -<p>Because we now have a set of permissions on the API, we need to authenticate our requests to it if we want to edit any snippets.  We haven't set up any <a href="../api-guide/authentication.html">authentication classes</a>, so the defaults are currently applied, which are <code>SessionAuthentication</code> and <code>BasicAuthentication</code>.</p> +<p>Because we now have a set of permissions on the API, we need to authenticate our requests to it if we want to edit any snippets.  We haven't set up any <a href="../api-guide/authentication">authentication classes</a>, so the defaults are currently applied, which are <code>SessionAuthentication</code> and <code>BasicAuthentication</code>.</p>  <p>When we interact with the API through the web browser, we can login, and the browser session will then provide the required authentication for the requests.</p>  <p>If we're interacting with the API programmatically we need to explicitly provide the authentication credentials on each request.</p>  <p>If we try to create a snippet without authenticating, we'll get an error:</p> 
@@ -362,7 +366,7 @@ class IsOwnerOrReadOnly(permissions.BasePermission):  </code></pre>  <h2 id="summary">Summary</h2>  <p>We've now got a fairly fine-grained set of permissions on our Web API, and end points for users of the system and for the code snippets that they have created.</p> -<p>In <a href="5-relationships-and-hyperlinked-apis.html">part 5</a> of the tutorial we'll look at how we can tie everything together by creating an HTML endpoint for our highlighted snippets, and improve the cohesion of our API by using hyperlinking for the relationships within the system.</p> +<p>In <a href="5-relationships-and-hyperlinked-apis">part 5</a> of the tutorial we'll look at how we can tie everything together by creating an HTML endpoint for our highlighted snippets, and improve the cohesion of our API by using hyperlinking for the relationships within the system.</p>            </div><!--/span-->          </div><!--/row-->        </div><!--/.fluid-container--> | 
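Review bot: In the `<head>` hunk (@@ -4,6 +4,7 @@), the added `<link rel="canonical" ...>` is not covered by the commit message "Remove .html suffixes", and its href is pinned to the `http://` scheme. Mention the canonical link in the message or split it into its own commit, and check whether the canonical address should be the HTTPS one if the site is served over TLS, since this is the URL crawlers will treat as authoritative for the page.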
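Review bot: The `from django.contrib.auth.models import User` line added to the `UserList` snippet (@@ -263,7 +264,10 @@) changes the tutorial's content rather than removing a suffix, and the commit message does not mention it. It would be easier to audit as a separate commit; if it stays here, note it in the message. Because the import now sits directly above `class UserList(generics.ListAPIView):` in the middle of the page, the preceding paragraph about adding views to `views.py` could also say that the import belongs at the top of that module.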
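Review bot: The relative href `../api-guide/authentication` in the "Authenticating with the API" paragraph (@@ -347,7 +351,7 @@) now depends on how the extensionless page URL is served. From `/tutorial/4-authentication-and-permissions` it resolves to `/api-guide/authentication`, but from the same path with a trailing slash it resolves to `/tutorial/api-guide/authentication`, which is a different page. The same holds for `5-relationships-and-hyperlinked-apis` in the Summary hunk (@@ -362,7 +366,7 @@). Confirm the server never redirects these pages to a trailing-slash form, or switch these links to root-relative paths.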
