Django REST Framework - Custom Permissions not Evaluating -


i'm trying set custom permissions on class extends viewsets.modelviewset , appears permissions not being evaluated. here view:

from rest_framework import viewsets rest_framework.authentication import sessionauthentication, basicauthentication rest_framework.permissions import isauthenticated  import models import serializers permissions import isadminorauthenticatedreadonly  class kpiviewset(viewsets.modelviewset):     '''     api endpoint allows kpi metadata viewed or edited     '''      authentication_classes = (basicauthentication,)     permission_classes = (isadminorauthenticatedreadonly,)      queryset = models.kpi.objects.all()     serializer_class = serializers.kpiserializer

and here permission class:

from rest_framework.permissions import basepermission, safe_methods  class isadminorauthenticatedreadonly(basepermission):     def has_permissions(self, request, view):          if request.method in safe_methods:             return request.user , request.user.is_authenticated()          return request.user , request.user.is_staff()

the problem i'm running isadminorauthenticatedreadonly never seems evaluated. tested both forcing return "false" , switching permission_classes value "isauthenticated" in view. in former scenario, request endpoint returns if there no authentication requirement. in later, authentication enforced expected.

any ideas i'm missing?

the method name has_permission not has_permissions (no s) ;)


Comments

Post a Comment

Popular posts from this blog

javascript - Bootstrap Popover: iOS Safari strange behaviour -

i looking through twitter bootstrap documentation, , i'm interested in implementing dismissible popover when button clicked. here example bootstrap's docs: http://getbootstrap.com/javascript/#dismiss-on-next-click when press "dismissible popover" button os x safari browser works fine. when access same link above ios safari, button not work. is, popover not dismissed on click. why button not working ios safari? the example linked using data-trigger="focus" attribute. try changing data-trigger="click" . <a tabindex="0" class="btn btn-lg btn-danger" role="button" data-toggle="popover" data-trigger="click" title="dismissible popover" data-content="and here's amazing content. it's engaging. right?">dismissible popover</a>
Read more

Magento/PHP - Get phones on all members in a customer group -

i working on custom magento extension. working around adminhtml part , i've created custom form there. here form code: <?php class vivasindustries_smsnotification_block_adminhtml_sms_sendmass_edit_form extends mage_adminhtml_block_widget_form { public function _preparelayout() { $extensionpath = mage::getmoduledir('js', 'vivasindustries_smsnotification'); $head = $this->getlayout()->getblock('head'); $head->addjs('jquery.js'); $head->addjs('vivas.js'); return parent::_preparelayout(); } protected function _prepareform() { $form = new varien_data_form(array( 'id' => 'edit_form', 'action' => $this->geturl('*/*/save', array('id' => $this->getrequest()->get...
Read more

session - Logging Out Using PHP -

i have seen other programs regarding can't seem make work. doing wrong? want achieve after user logged out, going previous pages become restricted. i have 3 php files: 1. sample.php - main page username , password filled in 2. successful.php - user's page after logging in 3. logout.php - destorys session hinder user access pages after logging out sample.php </html> <form action="" method="post"> <table> <tr> <td>username:</td> <td>password:</td> </tr> <tr> <td><input type="text" name="username"></td> <td><input type="password" name="password"></td> </tr> <tr> <td><input type="submit" value="submit" name="submit"></td> </tr> </table> </form> </html> <?php $servername = "localhost"; $username = ...
Read more