Re: Permissions frame

2023-05-01 Thread Jelmer Draaijer
What I think that Michele means is this part: https://github.com/encode/django-rest-framework/blob/54307a4394820173f7bfeaed53a675c00563bf18/rest_framework/permissions.py#L299 This part has confused me in the past. When an object does exist but I do not have any permissions DRF hides it for me sin

Re: Permissions frame

2023-05-01 Thread Wanderley S
So, feels to me that you might have some problems with your URL mapping. If a URL doesn't exist, Django will raise 404, even if the user is not authenticated. Authentication and authorization responses are handled at View (objects) level and 404 are handled at URL level first, when a url you're

Re: Permissions frame

2023-05-01 Thread Wanderley S
Did you properly set up your authentication and permission classes, either on settings or view? This situation never happened to me, and DRF always returned the correct HTTP status codes. 404, 401 or 403. On Sun, Apr 30, 2023, 07:33 Michele wrote: > Hi everyone, > > > While diagnosing an API I

Permissions frame

2023-04-30 Thread Michele
Hi everyone, While diagnosing an API I noticed that DRF's "Permissions" framework returns HTTP codes inconsistent with HTTP. DRF returns `404` (Not found) for any error. By HTTP specification <