Skip to content

fdevillard/drf-decorator-ordering-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github/workflows
.github/workflows
 
 
APIViewOrdering
APIViewOrdering
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
manage.py
manage.py
 
 
poetry.lock
poetry.lock
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

drf-api-view-ordering

A simple demo to illustrate that:

    @api_view(['GET'])
    @permission_classes([IsAuthenticated])
    def my_view(request):
        pass

is different from:

    @permission_classes([IsAuthenticated])
    @api_view(['GET'])
    def my_view(request):
        pass

The order of @api_view and @permission_classes decorators matters, as in the latter the permission is ignored.

How to run

Install the project

poetry install

Run Django tests:

poetry run python manage.py test

This is clearly stated in the documentation, but it's easy to miss and can have huge impact on the security of the API.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages