We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
master
DEFAULT_PERMISSION_CLASSES
rest_framework.permissions.IsAdminUser
urls.py
from rest_framework.documentation import include_docs_urls url(r'^docs/', include_docs_urls(title='API Title', description='API description'))
localhost:8000/docs
AttributeError
Users should not be able to access docs for restricted views and should see a 403.
The template (document.html) doesn't check if user is authenticated or not (for restricted views) and tries to render a non-existing document object.
document.html
The text was updated successfully, but these errors were encountered:
Merge pull request #5189 from myrubapa/master
c7e2bad
Fix API documentation templates do not check for user authentication #5162
Successfully merging a pull request may close this issue.
Checklist
master
branch of Django REST framework.Steps to reproduce
DEFAULT_PERMISSION_CLASSES
torest_framework.permissions.IsAdminUser
.urls.py
:localhost:8000/docs
as an unauthenticated user; you get anAttributeError
instead of 403.Expected behavior
Users should not be able to access docs for restricted views and should see a 403.
Actual behavior
The template (
document.html
) doesn't check if user is authenticated or not (for restricted views) and tries to render a non-existing document object.The text was updated successfully, but these errors were encountered: