WEBVTT
Kind: captions
Language: en

00:00:00.030 --> 00:00:04.380
Okay so now that we can see the
permissions are working for reading

00:00:04.380 --> 00:00:09.030
objects when we're not authenticated
what happens if we want to restrict this

00:00:09.030 --> 00:00:16.020
API so only authenticated users can view
it this is very common with many apps

00:00:16.020 --> 00:00:21.060
you often will only want to limit
certain APIs for users who are

00:00:21.060 --> 00:00:24.570
authenticated with the system and if
you're not authenticated you don't want

00:00:24.570 --> 00:00:30.630
to allow them to even read or view other
objects so let's go ahead and modify our

00:00:30.630 --> 00:00:36.899
feed API to ensure that users are
authenticated to view it open up the

00:00:36.899 --> 00:00:43.379
Atom editor and then edit the views.py
file what we're going to do is we're

00:00:43.379 --> 00:00:47.010
going to go to the top of the file and
you can see here what we imported is

00:00:47.010 --> 00:00:52.440
IsAuthenticatedOrReadOnly. The Django
REST framework has another handy

00:00:52.440 --> 00:00:57.809
permission that comes with it by default
just called IsAuthenticated, so we can

00:00:57.809 --> 00:01:03.809
just remove this OrReadOnly from the
end and then that is the permission we

00:01:03.809 --> 00:01:08.729
want to import so we just want to use
the IsAuthenticated permission which

00:01:08.729 --> 00:01:15.479
blocks access to the entire endpoint
unless the user is authenticated so now

00:01:15.479 --> 00:01:19.229
let's scroll to the bottom of the file
and update our permission classes

00:01:19.229 --> 00:01:24.780
accordingly, so let's remove the
OrReadOnly from this as well and then we

00:01:24.780 --> 00:01:29.939
can actually reformat this because the
length is shorter now so we'll reformat

00:01:29.939 --> 00:01:37.259
it into one line to keep it neat and
tidy and then save the file and that's

00:01:37.259 --> 00:01:43.250
how you limit an API to authenticated
users only

