When I set default permission settings to
"DEFAULT_PERMISSION_CLASSES": [
"rest_framework.permissions.AllowAny",
],
and then define different permission for views like
@requires_csrf_token
@permission_classes([IsAuthenticated])
@api_view(["POST"])
def logout(request):
pass
I expected the view permission to be set as IsAuthenticated. But it behaves as AllowAny.
I'm using django rest simple JWT as authentication class.
The problem is that only the last decorator is applied, and others above, not working. Although I've not found solution for this problem yet.
As mentioned in the documentation, your @permission_classes decorator
must come after (below) the
@api_viewdecorator
So I would rather try:
@requires_csrf_token
@api_view(["POST"])
@permission_classes([IsAuthenticated])
def logout(request):
pass