Closed omaraltayyan closed 3 years ago
note that i am using the provided React plugin not Django templates
Yes. You have control over it via the authentication and permissions of django-rest-framework.
If you want to prevent anyone from using the API, allowing access only to registered users, you could use the following in your settings module:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.SessionAuthentication',
],
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
]
}
Yes. You have control over it via the authentication and permissions of django-rest-framework.
If you want to prevent anyone from using the API, allowing access only to registered users, you could use the following in your settings module:
REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': [ 'rest_framework.authentication.SessionAuthentication', ], 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.IsAuthenticated', ] }
very helpful thanks!!
is there a method by which we can control access to the API to private comments, imagine having a thread in a closed private forum page, is anyone who can guess object and content type IDs will be able to get the comments on any entity on any site that uses this library?