Role not working with DRF ViewSet #99
Comments
What authentication methods did you enable in your application? Can you send an example on how you are making the request (how are you passing credentials)? |
I am using Django Knox for token based authentication. So I perform authentication by retrieving a token using the Before testing

```python
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ('knox.auth.TokenAuthentication',),
    'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAuthenticated',)
}
```

to require authentication for each view. Then sending a request to a view with the token worked as expected. I did not change the requests format (I'm using Postman and saved them there) when testing Roles. |
@filipeximenes I think I might have some wrong configuration. I tried the Quick Start guides from the docs with the same roles defined there (Doctor and Nurse) and I always get true when calling

```python
>>> user= User.objects.get(username='user1')
>>> assign_role(user, 'doctor')
<class 'config.settings.roles.Doctor'>
>>> from rolepermissions.checkers import has_permission
>>> has_permission(user, 'create_medical_record')
True
>>> has_permission(user, 'edit_patient_file')
True
>>> has_permission(user, 'non_existent_perm')
True
```

I tried several other attempts both with

I am using a custom user model with no particular customizations at the moment:

```python
from django.contrib.auth.models import AbstractUser

class User(AbstractUser):
    ...
```

To configure django-roles-permissions I included the app in INSTALLED_APPS:

```python
INSTALLED_APPS = [
    ...
    'rolepermissions'
]
```

as the last entry in the array. Should it be included before some other django app? I also have in my settings

```python
AUTH_USER_MODEL = 'profiles.User'
ROLEPERMISSIONS_MODULE = 'config.settings.roles'
```

Any idea on what I could be doing wrong? Thank you!! |
@StefanoFioravanzo this is really weird. The only thing that comes to mind is if you are using a django-role-permissions/rolepermissions/checkers.py Lines 31 to 36 in 2892436
Can you confirm this is not the case? |
@filipeximenes Yes, that user was indeed Now the Quick Start guide example works as expected, though I am still getting the 403 error when using the One thing I noticed is that But if I send a request to a view that does not extend I think my issue might be outside of the scope of django-role-permissions but I am completely clueless. Do you have any idea of what could cause this? |
Very weird. Could you try using a |
Hey @filipeximenes , just tried replacing |
I had a similar issue (or the same issue), and I fixed it by enabling session authentication as well as token authentication. Without digging much into it, my guess is that the HasRoleMixin is trying to access the user via the session information, and getting anonymous user. I was using django-rest-auth and had a setting |
I have dug into it a bit. IMO the root cause due to solution:
|
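The ordering problem guessed at in the comments above, as an added example that is not code from this thread, from DRF or from django-role-permissions: DRF runs its authentication classes inside the view's own dispatch, so a role check wrapped around dispatch sees only the session user. Every name here (`ApiView`, `RoleMixin`, `PermissionView`, `TOKENS`, `ROLES`) is part of a constructed plain-Python model of that order.

```python
# Simplified model of the dispatch order. All names and data are constructed
# for illustration; this is not DRF or django-role-permissions source.
TOKENS = {"tok-user1": "user1", "tok-user2": "user2"}   # constructed tokens
ROLES = {"user1": {"doctor"}}                           # user2 has no role


class Request:
    def __init__(self, token):
        self.headers = {"Authorization": "Token " + token}
        self.user = "anonymous"   # session middleware found no session cookie


def has_any_role(user, allowed):
    return bool(ROLES.get(user, set()) & allowed)


class ApiView:
    """Stands in for a token-authenticated API view."""
    allowed_roles = {"doctor"}

    def dispatch(self, request):
        # Token authentication happens here, inside the view's own dispatch.
        token = request.headers.get("Authorization", "").partition("Token ")[2]
        request.user = TOKENS.get(token, "anonymous")
        if request.user == "anonymous":
            return 401
        return self.check_permissions(request) or 200

    def check_permissions(self, request):
        return None               # hook that runs after authentication


class RoleMixin:
    """Role check wrapped around dispatch, the way a view mixin applies it."""

    def dispatch(self, request):
        # request.user is still the session user: the token is not read yet.
        if not has_any_role(request.user, self.allowed_roles):
            return 403
        return super().dispatch(request)


class MixinView(RoleMixin, ApiView):
    pass


class PermissionView(ApiView):
    def check_permissions(self, request):
        # Same role test, moved to the post-authentication hook.
        return None if has_any_role(request.user, self.allowed_roles) else 403


def call(view_cls, token):
    return view_cls().dispatch(Request(token))
```

In a real DRF project the post-authentication hook corresponds to a permission class listed in `permission_classes`, which is evaluated after the authentication classes have run.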
Hello, I am trying to implement a DRF based application with some object level permissions.
I tried the following simple configuration with no success:
views.py
roles.py
I can successfully log in with user1, but calling the get API over that view results in a 403 Forbidden error.