Django REST Framework: 'BasePermissionMetaclass' object is not iterable

Asked 6/12, 2018 at 10:25 Answered 10/1, 2024 at 7:38

Solved python django django-rest-framework django-views

Python/Django n00b moving over from javascript.

Trying to add an API endpoint using Django REST Framework which I'm hoping will ultimately be able to update a User with the body of a PATCH request, but for now I just want it to not throw a 500 error.

I've added this to urlpatterns:

url(r'update/$', views.UpdateView.as_view(), name="update_user"),

And that should bring in this view:

from django.contrib.auth.models import User
from rest_framework.generics import UpdateAPIView
from .serializers import UserSerializer

class UpdateView(UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer

The UserSerializer looks like this:

class UserSerializer(serializers.ModelSerializer):
    class Meta:
        model = User
        fields = ('username', 'pk', 'status')

Seem to be getting this every time I visit the route:

TypeError at /api/update/
'BasePermissionMetaclass' object is not iterable

I have no idea what I'm doing - anyone seen this before?

UPDATE: Full Traceback:

Internal Server Error: /api/update/
Traceback (most recent call last):
  File "path/to/myapp/env/lib/python2.7/site-packages/django/core/handlers/exception.py", line 41, in inner
    response = get_response(request)
  File "path/to/myapp/env/lib/python2.7/site-packages/django/core/handlers/base.py", line 187, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "path/to/myapp/env/lib/python2.7/site-packages/django/core/handlers/base.py", line 185, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "path/to/myapp/env/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "path/to/myapp/env/lib/python2.7/site-packages/django/views/generic/base.py", line 68, in view
    return self.dispatch(request, *args, **kwargs)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 495, in dispatch
    response = self.handle_exception(exc)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 455, in handle_exception
    self.raise_uncaught_exception(exc)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 483, in dispatch
    self.initial(request, *args, **kwargs)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 401, in initial
    self.check_permissions(request)
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 333, in check_permissions
    for permission in self.get_permissions():
  File "path/to/myapp/env/lib/python2.7/site-packages/rest_framework/views.py", line 280, in get_permissions
    return [permission() for permission in self.permission_classes]
TypeError: 'BasePermissionMetaclass' object is not iterable

Nazarite answered 6/12, 2018 at 10:25 Comment(4)

Show the full traceback. – Carditis 6/12, 2018 at 10:31

Most likely, you defined a permission (either for the class or through settings) and didn't add it as list – Havener 6/12, 2018 at 10:40

Show the PERMISSION_CLASSES config from settings module. – Jylland 6/12, 2018 at 10:49

@SachinKukreja - you mean this? ~~~~ REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.TokenAuthentication', ), 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAdminUser' ), } ~~~~ – Nazarite 6/12, 2018 at 10:57

You have mistyped the comma in DEFAULT_PERMISSION_CLASSES value, due to which Django takes it as a string, instead of a tuple.

Solution:

REST_FRAMEWORK = {
   ...
   'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.permissions.IsAdminUser', ),
   ...
}

Jylland answered 6/12, 2018 at 11:7 Comment(2)

Wow - that was it! Thank you so much - been stuck on this for a couple of days now - such a simple solution! – Nazarite 6/12, 2018 at 11:11

Amazing answer!! Thanks! – Corbett 10/1, 2022 at 8:36

I had the same problem, but looked for wrong place. I made mixin class with permissions and there was code

permission_classes = (
    permissions.IsAuthenticated
)

but should be

permission_classes = (
    permissions.IsAuthenticated,
#                              ^
#                         a comma here
)

So do not forget to look for other classes with permissions. I hope it will help someone.

Chile answered 11/2, 2019 at 8:6 Comment(2)

for anyone wondering what the change is, you have to add a comma after permissions.IsAuthenticated..it took me few minutes to figure out :) – Selenite 16/2, 2019 at 15:9

idk why it took me 15mins to realize that this comment even exists... – Disengage 25/5, 2020 at 11:57

As a reference for other people who might be searching here, this could be an issue too..

from django.contrib.auth.models import User
from rest_framework.generics import UpdateAPIView
from .serializers import UserSerializer

class UpdateView(UpdateAPIView):
    queryset = User.objects.all()
    serializer_class = UserSerializer
    permission_classes = IsAuthenticated

Should change to:

    from django.contrib.auth.models import User
    from rest_framework.generics import UpdateAPIView
    from .serializers import UserSerializer

    class UpdateView(UpdateAPIView):
        queryset = User.objects.all()
        serializer_class = UserSerializer
        permission_classes = [IsAuthenticated]

Julianejuliann answered 27/10, 2019 at 20:7 Comment(0)

@permission_classes((AllowAny,))

You have to ensure the comma

Ropable answered 13/1, 2022 at 19:26 Comment(0)

I was facing the same problem and I was able to solve with this simple step

@permission_classes([IsAuthenticated])

so yeah, just put the method under the permission module in a bracket and you are good to go, hope it helps

Robbinrobbins answered 30/1, 2023 at 18:59 Comment(0)

As an add up, should incase, anyone is following the tutorials on Django for APIs by William S. Vincent, the chapter on documentation using drf-spectacular, shows similar error stack.

And the solution as illustrated earlier is to put [ ] on the custom base permission IsAuthorOrReadOnly, as this [IsAuthorOrReadOnly], in the posts app views, and the error is resolved

Gwalior answered 10/1, 2024 at 7:38 Comment(0)

Junst in case this also can be solution. At least solved my issue

Struggle answered 10/2, 2021 at 23:55 Comment(0)

Just to complete @ihafurr's answer.

permission_classes shall be iterable because the variable is called by :func:viewsets.ModelViewSet.get_permission being (https://www.cdrf.co/3.12/rest_framework.viewsets/ModelViewSet.html):

def get_permissions(self):
    return [permission() for permission in self.permission_classes]

Changing the last line of such method to the following could overcome the iterability requirement.

return [permission() for permission in self.permission_classes] if isinstance(self.permission_classes], Iterable) else [self.permission_classes]

where Iterable comes from

try:
    from collections.abc import Iterable  # for Python >= 3.6
except ImportError:
    from collections import Iterable

Berck answered 26/10, 2021 at 10:51 Comment(0)

Recommended topics

Hot tags