Search code examples
djangodjango-rest-frameworkdjango-rest-auth

how to be authorized to create an object using django rest framework and CreateAPIView?

I have a problem when I want to create an object using CreateAPIView, I get the message: "detail": "Authentication credentials were not provided.".

I use rest-auth and rest-authtoken apps.

this is what I made so far:

models.py

class CustomUser(AbstractUser):
    objects = CustomUserManager()
    is_normal_user = models.BooleanField(default=False)
    is_corporate_user = models.BooleanField(default=False)

class CompanyProfile(models.Model):
    user = models.OneToOneField(CustomUser, on_delete=models.CASCADE)
    corporate_name = models.CharField(max_length=30)

serializers.py

class CompanyProfileSerializer(serializers.ModelSerializer):
    class Meta:
        model = CompanyProfile
        fields = ['user', 'corporate_name',]
        read_only_fields = ('id',)

views.py

class Authorized_Company_User(permissions.BasePermission):
    def has_permission(self, request, view):
        return bool(request.user and request.user.is_corporate_user)

class CompanyCreateProfileView(generics.CreateAPIView):
    #queryset = CompanyProfile.objects.all()
    serializer_class = CompanyProfileSerializer
    #authentication_classes = (TokenAuthentication,)
    permission_classes = (IsAuthenticated, Authorized_Company_User)

I am wondering if I need to define create function, and use get method to get user authtoken.

Solution

  • "detail": "Authentication credentials were not provided."

    this message is caused by the permission_classes = IsAuthenticated

    You need to provide a Token to be able to create.

    Add this url from rest_auth app:

    re_path(r'^rest_auth/',include('rest_auth.urls'))

    then you can use postman to make tests

    method :POST
url: http://127.0.0.1:8000/rest_auth/login/
body: {"username":"user", "password":"password"}
headers: Content-Type: Application/json

    as response you get 

    `{"key":"here your token"}`

    with this token you can add a new user

    method :POST
url: http://127.0.0.1:8000/add_user_url/
body: {"corporate_name":"corporate"}
headers: Content-Type: Application/json
         Authorization: "Token ########here your token########"

    And in your CreateAPIView you can assign the user:

    class CompanyCreateProfileView(generics.CreateAPIView): 
    def perform_create(self, serializer):
            serializer.save(user=self.request.user)