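My question is quite simple: I am trying to create some custom permissions for my Django REST API. Here is my code (permission.py):

from rest_framework import permissions

class UserPermissions(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        # Allow access only when the object is the requesting user
        return obj == request.user

I only want users to be able to get, delete and update their own account. The problem is that I think my code is not being read by Django. I tried always returning False (without any condition), and it does nothing. I also tried printing some debug messages at the beginning of the file, but that did nothing either.
(My permissions.py file is located at the root of my app)
Here is my user view (UserView.py):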

from django.contrib.auth import login
from drf_yasg.utils import swagger_auto_schema
from knox.views import LoginView as KnoxLoginView
from rest_framework import permissions, viewsets
from rest_framework.authtoken.serializers import AuthTokenSerializer
# User and UserSerializer are imported from the project's own modules

class UserViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows users to be viewed or edited.
    """
    queryset = User.objects.all().order_by("-date_joined")
    serializer_class = UserSerializer
    permission_classes = [permissions.IsAuthenticated]
    swagger_tag = ["User"]

class LoginView(KnoxLoginView):
    """
    API endpoint allowing the user to login and receive a token
    """
    permission_classes = [
        permissions.AllowAny,
    ]

    @swagger_auto_schema(request_body=AuthTokenSerializer)
    def post(self, request, format=None):
        serializer = AuthTokenSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data["user"]
        login(request, user)
        return super(LoginView, self).post(request, format=None)

Answer from a uj5u.com user:
As @UtkucanBıyıklı said in their comment, you should specify the permission in the ViewSet as follows:

class UserViewSet(viewsets.ModelViewSet):
    queryset = User.objects.order_by('-date_joined')
    serializer_class = UserSerializer
    permission_classes = [permissions.IsAuthenticated, UserPermissions]
    swagger_tag = ['User']
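
The behaviour behind this answer, as an added example that is not part of the original post and not Django REST framework's own code: a simplified pure-Python model of how permission classes are consulted. MiniView, the dict-shaped request and the sample users are constructed stand-ins. It also shows that list results are not covered by has_object_permission, so the queryset itself has to be narrowed.

```python
# Simplified model of DRF's permission flow; all names except UserPermissions are hypothetical.
class BasePermission:
    def has_permission(self, request, view):
        return True

    def has_object_permission(self, request, view, obj):
        return True

class IsAuthenticated(BasePermission):
    def has_permission(self, request, view):
        return request["user"] is not None

class UserPermissions(BasePermission):
    # Same rule as the class on the page: the object must be the requesting user.
    def has_object_permission(self, request, view, obj):
        return obj == request["user"]

class MiniView:
    """Hypothetical stand-in for a ModelViewSet over users."""
    users = ["alice", "bob"]  # constructed sample data

    def __init__(self, permission_classes):
        # A class that is not listed here is never instantiated or called.
        self.permissions = [cls() for cls in permission_classes]

    def _check_permissions(self, request):
        # Runs on every request; only has_permission() is consulted.
        return all(p.has_permission(request, self) for p in self.permissions)

    def retrieve(self, request, name):
        if not self._check_permissions(request):
            return "denied"
        obj = next(u for u in self.users if u == name)
        # Object-level checks run only where a single object is fetched
        # (get_object() in DRF), and only for the listed classes.
        if not all(p.has_object_permission(request, self, obj) for p in self.permissions):
            return "denied"
        return obj

    def list(self, request, own_only=False):
        if not self._check_permissions(request):
            return "denied"
        # No has_object_permission() call on this path: filter the queryset instead.
        return [u for u in self.users if not own_only or u == request["user"]]

def demo():
    alice = {"user": "alice"}
    before = MiniView([IsAuthenticated])                  # the question's configuration
    after = MiniView([IsAuthenticated, UserPermissions])  # the answer's configuration
    return (before.retrieve(alice, "bob"), after.retrieve(alice, "bob"),
            after.retrieve(alice, "alice"), after.list(alice), after.list(alice, own_only=True))
```

In a real ViewSet the narrowing in `list` corresponds to overriding `get_queryset()` so it returns only the requesting user's record.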
Tags: django, django-rest-framework
