Add official support for Django 5.1 by browniebroke · Pull Request #9514 · encode/django-rest-framework (original) (raw)

I initially went with a custom LoginRequiredMiddleware but then realised that authentication status of a request in DRF isn't easy to figure out at the middleware level. This is because it's a combination of authentication_classes + permission_classes settings, which may come from the view or the global settings.

Additionally, I struggled a bit to test that solution as I couldn't find out a way to configure test views with a non-default DEFAULT_PERMISSION_CLASSES, and I always ended up with AllowAny in my views. I was aiming for integration style of tests: configuring a view, with URLs and setting up the whole middleware chain. I left the commit if someone is interested...

I took a step back and realised that DRF already offered a way to achieve what LoginRequiredMiddleware does, via its settings. So I ended marking DRF views as opted-out from Django's middleware, and documenting how to achieve the same thing with API views.

What do people think of the approach?