How to restrict Django Rest Framework browsable API interface to admin users

前端 未结 3 650
执笔经年
执笔经年 2021-02-07 08:36

I\'m developing a Django Rest Framework backend for a mobile app. The API is private and will only ever be used internally.

The browsable API is convenient for helping d

3条回答
  •  梦谈多话
    2021-02-07 09:10

    Assuming you're using DRF's built in views, I think you can just override get_renderers().

    In your settings file:

    REST_FRAMEWORK = {
        # Only enable JSON renderer by default.
        'DEFAULT_RENDERER_CLASSES': [
            'rest_framework.renderers.JSONRenderer',
        ],
    }
    

    And then in your views.py:

    from rest_framework import generics, renderers
    
    class StaffBrowsableMixin(object):
        def get_renderers(self):
            """
            Add Browsable API renderer if user is staff.
            """
            rends = self.renderer_classes
            if self.request.user and self.request.user.is_staff:
                rends.append(renderers.BrowsableAPIRenderer)
            return [renderer() for renderer in rends]
    
    class CustomListApiView(StaffBrowsableMixin, generics.ListAPIView):
        """
        List view.
        """
        # normal stuff here
    

提交回复
热议问题