How to mark a DRF ViewSe 10000 t action as being exempt from the application of a custom middleware? #9462

browser-bug · 2024-07-08T13:35:03Z

browser-bug
Jul 8, 2024

I've created a Custom Django Middleware and added to the MIDDLEWARE settings variable correctly.

from django.http import HttpResponseForbidden

class MyCustomMiddleware:

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        return self.get_response(request)

    def process_view(self, request, view_func, view_args, view_kwargs):
        # Perform some internal actions on the `request` object.
        return None

Since this is applied to all DRF ViewSets by default, I would like to exempt some actions that don't need this check. The idea would be to check a flag inside the process_view function taking inspiration from the Django CsrfViewMiddleware which checks if the csrf_exempt variable has been set by the csrf_exempt decorator. So I modified the custom middleware and created a custom decorator to exempt views explicitly.

from functools import wraps
from django.http import HttpResponseForbidden

class MyCustomMiddleware:
    ...
    
    def process_view(self, request, view_func, view_args, view_kwargs):
        if getattr(view_func, "some_condition", False):
            return HttpResponseForbidden("Forbidden on custom middleware")
        # Perform some internal actions on the `request` object.
        return None

def custom_middleware_exempt(view_func):

    @wraps(view_func)
    def _view_wrapper(request, *args, **kwargs):
        return view_func(request, *args, **kwargs)

    _view_wrapper.some_condition = True
    return _view_wrapper

Having this I do something like this and it correctly enters the custom decorator before going inside the Django middleware.

from rest_framework import viewsets
from rest_framework.decorators import action
from rest_framework.response import Response

class MyViewSet(viewsets.ViewSet):
    @action(detail=False, methods=['get'])
    @custom_middleware_exempt
    def my_action(self, request):
        return Response()

So far so good until I noticed that the view_func of the custom middleware process_view doesn't correspond to the action function (which is being decorated) but to the ViewSet function.

Inside the decorator: view_func = <function MyViewSet.my_action at 0x79ee9c471760>

Inside the middleware: view_func = <function MyViewSet at 0x79ee9c49c220>

Apparently, Django middlewares are applied at viewset level instead of action level. As a consequence view_func doesn't have the some_condition attribute set.

Is there a way to decorate a viewset action and change the viewset level function or an alternative way to achieve what I'm trying to do?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

How to mark a DRF ViewSe 10000 t action as being exempt from the application of a custom middleware? #9462

Uh oh!

{{title}}

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

Uh oh!

How to mark a DRF ViewSe 10000 t action as being exempt from the application of a custom middleware? #9462

Uh oh!

browser-bug Jul 8, 2024

Replies: 0 comments

browser-bug
Jul 8, 2024