我試圖讓 PUT 和 DELETE 方法需要身份驗證,但我希望 GET 方法是公開的。我知道我可以取出 GET 方法并將其放入自己的函式中,但我需要為它制作另一個 url。解決這個問題的最佳方法是什么?謝謝
@api_view(['GET', 'PUT', 'DELETE'])
@permission_classes([IsAuthenticated])
def getOrUpdateOrDeleteCar(request, pk):
if request.method == 'GET':
vehicle = Car.objects.get(id=pk)
serializer = CarSerializer(vehicle, many=False)
return Response(serializer.data)
elif request.method == 'PUT':
data = request.data
car = Car.objects.get(id=pk)
car.image=data['image']
car.make=data['make']
car.prototype=data['prototype']
car.year=data['year']
car.serviceInterval=data['serviceInterval']
car.seats=data['seats']
car.color=data['color']
car.vin=data['vin']
car.currentMileage=data['currentMileage']
car.save()
serializer = CarSerializer(car, many=False)
return Response(serializer.data)
elif request.method == 'DELETE':
car = Car.objects.get(id=pk)
car.delete()
return Response('Car Deleted!')
uj5u.com熱心網友回復:
撰寫自定義權限類:
from rest_framework.permissions import BasePermission
class CarPermission(BasePermission):
def has_permission(self, request, view):
if request.method == 'GET':
return True
return bool(request.user and request.user.is_authenticated)
并在您的 API 中使用它:
@api_view(['GET', 'PUT', 'DELETE'])
@permission_classes([CarPermission])
def getOrUpdateOrDeleteCar(request, pk):
...
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/323870.html
標籤:姜戈