我為用戶帳戶所有者和公寓所有者建立了 2 權限。盡管它們具有相同的代碼,但用戶帳戶所有者不起作用。
權限.py
class IsOwnerUserOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return obj.username == request.user # Not Work
class IsOwnerApartmentOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return obj.seller == request.user # Work OK
視圖.py
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = [
permissions.IsAuthenticatedOrReadOnly, IsOwnerUserOrReadOnly]
class ApartmentViewset(viewsets.ModelViewSet):
queryset = Apartment.objects.filter(issold=False).order_by('-timestamp')
serializer_class = ApartmentSerializer
# Set permission for only user owner apartment can edit it.
permission_classes = [
permissions.IsAuthenticatedOrReadOnly, IsOwnerApartmentOrReadOnly]
uj5u.com熱心網友回復:
我認為第一個權限類的回傳運算式不正確。它應該是obj,而不是obj.username因為request.user是 User 模型的實體。
class IsOwnerUserOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return obj == request.user # Not Work
轉載請註明出處,本文鏈接:https://www.uj5u.com/shujuku/494899.html
標籤:django 休息 django-rest-framework
上一篇:在ExpressJS中將AxiosURL引數決議為字串陣列
下一篇:讀取沒有特定型別的csv