So, this issue is something that i faced while testing of my class based views. I had a view that creates and updates user as shown below.
class UserViewSet(ViewSet): def check_permissions(self, request): print("Action = ", self.action) if self.action == 'create_user': return True return super().check_permissions(request) def create_user(self, request): # user creation code def update(self, request): #user update code And create_user was mapped with POST method and update was mapped with PUT method. So, my need was that for create_user action no permission is required and for update, user should be authenticated. Overriding check_permssion did the job. Now, when i was testing the create_user end point. I wrote a test that tries to create user using some method other than POST. I expected that the response should be HTTP_405_METHOD_NOT_ALLOWED. def test_create_user_with_invalid_method(self): data = self.user_data response = self.client.get(self.url, data) self.assertEqual(response.status_code, HTTP_405_METHOD_NOT_ALLOWED) But the response was HTTP_401_UNAUTHORIZED. And the action variable was set as None. My url mapping is like this url(r'^account/register/$', UserViewSet.as_view({"post": "create_user"}), name="account_register_view"), So looking at this, i thought djago is either doing the mapping of request(method, url) to action either after checking permission or doing it before but setting action as None when it fails to find the proper mapping So my concern is that whether this is the correct behaviour, or am i doing something logically wrong here. PS: Please ignore my grammatical mistaks. Thanks -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-rest-framework+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-rest-framework/34e9b02c-30e6-4d18-b752-58537bb2507d%40googlegroups.com.