the drf permission.py has a IsAuthencatied class which check if the user is 
loged. the code works like below:
class IsAuthenticated(BasePermission):
    """
    Allows access only to authenticated users.
    """

    def has_permission(self, request, view):
        return request.user and request.user.is_authenticated()


this works ok with django. But when I add django-guardian for object-level 
permission checker, it not work any more.
cause the django-guardian return a AnonyousUser in the DB, which have 
is_authenticated() return True.

I really donot understand why the AnonyousUser.is_authenticated() return 
True and even the AnonyousUser.is_anonyous() return False.
which make the drf permission-checker not works. and it seems cannot 
distinct the normal user with the anonyoususer.

And Is there any ways to get out of this, cause I search through the google 
without any answer or simply question. Are there nobody face suck problem? 

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to