Can't delete API Key - Githubissues

manosim / django-rest-framework-api-key

An extra layer of authentication for Web APIs made with Django REST Framework

BSD 2-Clause "Simplified" License

92 stars 30 forks source link

Can't delete API Key #17

Open TurnrDev opened 6 years ago

TurnrDev commented 6 years ago

I reckon there should be a setting to override this. What's the point in assigning keys if I can't delete them when things change I can no longer trust the key is private? (Say if the key gets leaked)

flexpeace commented 6 years ago

You can override the Admin in any of your admin.py file. Below is how l implemented it

from rest_framework_api_key.models import APIKey
from rest_framework_api_key.helpers import generate_key
from rest_framework_api_key.admin import ApiKeyAdmin

class ApiKeyAdmin(ApiKeyAdmin):
    def has_delete_permission(self, request, obj=None):
        return True

And that is it. You can see the delete from the drop down at Django Backend.

carlastabile commented 6 years ago

Its worth adding that you should first unregister the original ApiKeyAdmin on the admin.py file you add this.

So the whole code will be something like this:

from rest_framework_api_key.admin import ApiKeyAdmin
from rest_framework_api_key.models import APIKey

class MyApiKeyAdmin(ApiKeyAdmin):
    def has_delete_permission(self, request, obj=None):
        return request.user.is_superuser

admin.site.unregister(APIKey)
admin.site.register(APIKey, MyApiKeyAdmin)

In my case I only gave this permission to superusers.