How to restrict Django Rest Framework browsable API interface to admin users

前端未结

关注

 3  645

执笔经年 2021-02-07 08:36

I\'m developing a Django Rest Framework backend for a mobile app. The API is private and will only ever be used internally.

The browsable API is convenient for helping d

3条回答

梦谈多话 (楼主)

2021-02-07 09:10

Assuming you're using DRF's built in views, I think you can just override get_renderers().

In your settings file:

REST_FRAMEWORK = {
    # Only enable JSON renderer by default.
    'DEFAULT_RENDERER_CLASSES': [
        'rest_framework.renderers.JSONRenderer',
    ],
}

And then in your views.py:

from rest_framework import generics, renderers

class StaffBrowsableMixin(object):
    def get_renderers(self):
        """
        Add Browsable API renderer if user is staff.
        """
        rends = self.renderer_classes
        if self.request.user and self.request.user.is_staff:
            rends.append(renderers.BrowsableAPIRenderer)
        return [renderer() for renderer in rends]

class CustomListApiView(StaffBrowsableMixin, generics.ListAPIView):
    """
    List view.
    """
    # normal stuff here

0 讨论(0)

查看其它3个回答