我试图在扩展viewsets.ModelViewSet的类上设置自定义权限,但似乎我的权限未被评估。以下是我的观点:
from rest_framework import viewsets
from rest_framework.authentication import SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
import models
import serializers
from permissions import IsAdminOrAuthenticatedReadOnly
class KPIViewSet(viewsets.ModelViewSet):
'''
API endpoint that allows KPI metadata to be viewed or edited
'''
authentication_classes = (BasicAuthentication,)
permission_classes = (IsAdminOrAuthenticatedReadOnly,)
queryset = models.KPI.objects.all()
serializer_class = serializers.KPISerializer
这是我的许可类:
from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsAdminOrAuthenticatedReadOnly(BasePermission):
def has_permissions(self, request, view):
if request.method in SAFE_METHODS:
return request.user and request.user.is_authenticated()
return request.user and request.user.is_staff()
我遇到的问题是IsAdminOrAuthenticatedReadOnly似乎永远不会得到评估。我通过强制它总是返回" False"来测试这个。并通过将permission_classes值切换为" IsAuthenticated"在视图中。在前一种情况下,对端点的请求返回,就好像没有身份验证要求一样。在后面,身份验证按预期执行。
我缺少什么想法?
答案 0 :(得分:3)
方法名称为has_permission not has_permissions(no s);)