DRF permission not taking effect

Time: 2014-08-04 16:47:28

Tags: python django django-rest-framework

The following permission, IsOwnerOrReadOnly, is not taking effect, and I can't understand why:

class PermissionMixin(object):
    """
    API Permission Mixin.
    Permission checks authentication information in the request.user and request.auth
    properties to determine if the incoming request should be permitted.
    """

    permission_classes = [Or(permissions.IsAdminUser, TokenHasReadWriteScope), And (IsOwnerOrReadOnly)]

I want to allow IsAdminUser or TokenHasReadWriteScope users, but always check that they are the owner with IsOwnerOrReadOnly.

class IsOwnerOrReadOnly(permissions.BasePermission):
    """
    Custom permission to only allow owners of an object to edit it.
    """

    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the owner of object.
        return obj.user == request.user

1 answer:

Answer 0 (score: 2)

I think the correct way to set the permissions is:

permission_classes = [And(Or(permissions.IsAdminUser, TokenHasReadWriteScope), IsOwnerOrReadOnly)]

Tell me if this works.
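
Added example, not code from the question or the answer: a simplified stand-in model of how the permission list is evaluated, showing that IsOwnerOrReadOnly only takes part in the object-level phase. The classes, the Request/Obj tuples and authorize() are hypothetical stand-ins, on the assumption that the object-level check runs only when the view passes the object (in DRF, through check_object_permissions, which generic views call from get_object()).

```python
# Simplified stand-in model (assumption): not DRF or rest_condition source code.
from collections import namedtuple

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")
Request = namedtuple("Request", "method user is_staff has_token_scope")
Obj = namedtuple("Obj", "user")

class BasePermission:
    # Defaults mirror DRF's BasePermission: both checks allow unless overridden.
    def has_permission(self, request): return True
    def has_object_permission(self, request, obj): return True

class IsAdminUser(BasePermission):
    def has_permission(self, request): return request.is_staff

class TokenHasReadWriteScope(BasePermission):  # stand-in: one boolean for the scope check
    def has_permission(self, request): return request.has_token_scope

class IsOwnerOrReadOnly(BasePermission):  # same rule as the question's class
    def has_object_permission(self, request, obj):
        return request.method in SAFE_METHODS or obj.user == request.user

class Combined(BasePermission):
    def __init__(self, reducer, *classes):
        self.reducer, self.perms = reducer, [c() for c in classes]
    def has_permission(self, request):
        return self.reducer(p.has_permission(request) for p in self.perms)
    def has_object_permission(self, request, obj):
        return self.reducer(p.has_object_permission(request, obj) for p in self.perms)

def And(*classes): return lambda: Combined(all, *classes)
def Or(*classes): return lambda: Combined(any, *classes)

def authorize(permission_classes, request, obj=None):
    perms = [cls() for cls in permission_classes]
    # Phase 1: request-level check, every entry in the list must allow.
    if not all(p.has_permission(request) for p in perms):
        return False
    # Phase 2: object-level check, only when the view hands over the object.
    if obj is not None:
        return all(p.has_object_permission(request, obj) for p in perms)
    return True

QUESTION = [Or(IsAdminUser, TokenHasReadWriteScope), And(IsOwnerOrReadOnly)]
ANSWER = [And(Or(IsAdminUser, TokenHasReadWriteScope), IsOwnerOrReadOnly)]
```

In this model an admin's PUT on another user's object is denied under either layout when the object is passed to authorize(), and allowed under either layout when it is not.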