So, this issue is something that i faced while testing of my class based
views. I had a view that creates and updates user as shown below.
class UserViewSet(ViewSet):
def check_permissions(self, request):
print("Action = ", self.action)
if self.action == 'create_user':
return True
return super().check_permissions(request)
def create_user(self, request):
# user creation code
def update(self, request):
#user update code
And create_user was mapped with POST method and update was mapped with PUT
method. So, my need was that for create_user action no permission is
required and for update, user should be authenticated. Overriding
check_permssion did the job. Now, when i was testing the create_user end
point. I wrote a test that tries to create user using some method other
than POST. I expected that the response should be
HTTP_405_METHOD_NOT_ALLOWED.
def test_create_user_with_invalid_method(self):
data = self.user_data
response = self.client.get(self.url, data)
self.assertEqual(response.status_code, HTTP_405_METHOD_NOT_ALLOWED)
But the response was HTTP_401_UNAUTHORIZED. And the action variable was set
as None. My url mapping is like this
url(r'^account/register/$', UserViewSet.as_view({"post": "create_user"}),
name="account_register_view"),
So looking at this, i thought djago is either doing the mapping of
request(method, url) to action either after checking permission or doing it
before but setting action as None when it fails to find the proper mapping
So my concern is that whether this is the correct behaviour, or am i doing
something logically wrong here.
PS: Please ignore my grammatical mistaks.
Thanks
--
You received this message because you are subscribed to the Google Groups
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-rest-framework+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-rest-framework/34e9b02c-30e6-4d18-b752-58537bb2507d%40googlegroups.com.
