Recall the services pattern example where we created a service to retrieve all the latest public posts? Now we shall reimplement it using the features provided by the DRF.
First, install DRF and add it to your INSTALLED_APPS. Then, mention your permission model in settings.py:
# Django Rest Framework settings REST_FRAMEWORK = { # Allow unauthenticated access to public content 'DEFAULT_PERMISSION_CLASSES': [ 'rest_framework.permissions.AllowAny' ] }
Even though we are allowing unrestricted access (AllowAny) here, it is strongly recommended to choose the most restricted access policy to secure your API.
DRF allows us to choose from a wide variety of API access permission policies, such as allowing only authenticated ...