WEBVTT Kind: captions Language: en 00:00:00.030 --> 00:00:06.240 Now that we have our update own profile permissions class we can go ahead and 00:00:06.240 --> 00:00:13.110 configure our view set to use this permission open up the views dot py file 00:00:13.110 --> 00:00:17.580 and at the top of the file we're going to add some imports and the first import 00:00:17.580 --> 00:00:22.890 is we're going to import the token authentication from the rest framework 00:00:22.890 --> 00:00:32.160 so type from rest framework dot authentication import token 00:00:32.160 --> 00:00:36.930 authentication the token authentication is going to be the type of 00:00:36.930 --> 00:00:42.300 authentication we use for users to authenticate themselves with our API it 00:00:42.300 --> 00:00:48.329 works by generating a random token string when the user logs in and then 00:00:48.329 --> 00:00:53.100 every request we make to their API that we need to authenticate we add this 00:00:53.100 --> 00:00:58.469 token string to the request and that's effectively a password to check that 00:00:58.469 --> 00:01:02.699 every request made is authenticated correctly we're going to configure this 00:01:02.699 --> 00:01:06.540 on our view set and then I'll show you it in action in future videos when we 00:01:06.540 --> 00:01:11.909 test it in the browser the next input we're going to add is the permissions 00:01:11.909 --> 00:01:18.799 module that we created in the previous videos so from profiles underscore API 00:01:18.799 --> 00:01:22.820 import permissions 00:01:22.820 --> 00:01:27.080 Okay now we have the imports added let's head down to our 00:01:27.080 --> 00:01:34.200 user profile view set and configure this to use the correct authentication and 00:01:34.200 --> 00:01:41.750 permissions classes so we're going to add authentication underscore classes 00:01:41.750 --> 00:01:49.380 equals token authentication and remember to add a comma after token 00:01:49.380 --> 00:01:56.600 authentication so that this gets created as a tuple instead of just a single item 00:01:56.600 --> 00:02:00.899 okay the token authentication as I mentioned is the type of authentication 00:02:00.899 --> 00:02:04.979 we're going to be using you can configure one or more types of 00:02:04.979 --> 00:02:10.860 authentication with a particular view set in the Django rest framework the way 00:02:10.860 --> 00:02:14.959 it works is you just add all the authentication classes to this 00:02:14.959 --> 00:02:20.020 authentication classes class variable 00:02:20.020 --> 00:02:21.980 next we're going to add the permission 00:02:21.980 --> 00:02:27.290 classes so the authentication class is set how the user will authenticate that 00:02:27.290 --> 00:02:33.079 is the mechanism they will use and the permission classes is set how the user 00:02:33.079 --> 00:02:38.510 gets permission to do certain things so you may have an authenticated user who 00:02:38.510 --> 00:02:42.950 has permission to do certain things or use certain api's but not other 00:02:42.950 --> 00:02:47.120 api's and you would control those fine-grained permissions by using 00:02:47.120 --> 00:02:52.280 permission classes so let's create a new class variable here called permission 00:02:52.280 --> 00:03:01.510 underscore classes equals and then we'll pass in permissions dot update own 00:03:01.510 --> 00:03:08.180 profile and this will configure our user profile view set to use the token 00:03:08.180 --> 00:03:13.489 authentication and then add the permission update own profile so every 00:03:13.489 --> 00:03:17.060 request that gets made it gets passed through our permissions dot py file 00:03:17.060 --> 00:03:21.290 and it checks this has object permissions function to see whether the 00:03:21.290 --> 00:03:25.519 user has permissions to perform the action they're trying to perform ok so 00:03:25.519 --> 00:03:30.980 make sure you save the views dot py file and that's how you configure a view set 00:03:30.980 --> 00:03:36.160 to use authentication and permissions in the Django rest framework