the drf permission.py has a IsAuthencatied class which check if the user is
loged. the code works like below:
class IsAuthenticated(BasePermission):
"""
Allows access only to authenticated users.
"""
def has_permission(self, request, view):
return request.user and request.user.is_authenticated()
this works ok with django. But when I add django-guardian for object-level
permission checker, it not work any more.
cause the django-guardian return a AnonyousUser in the DB, which have
is_authenticated() return True.
I really donot understand why the AnonyousUser.is_authenticated() return
True and even the AnonyousUser.is_anonyous() return False.
which make the drf permission-checker not works. and it seems cannot
distinct the normal user with the anonyoususer.
And Is there any ways to get out of this, cause I search through the google
without any answer or simply question. Are there nobody face suck problem?
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.