Question

我有一个CommentResource模型，我想确保用户可以删除仅由他创作的评论（通过发送DELETE请求）。所以我使用this SO question的答案。

def delete_detail(self, object_list, bundle):
        return bundle.obj.user == bundle.request.user

但是django给了我这个错误：

delete_detail()得到了一个意外的关键字参数＆＃39; pk＆＃39;

Answer 1

为了确保用户可以删除仅由他撰写的评论（通过发送DELETE请求），您需要实施您的授权类，如下所示。

from tastypie.authorization import Authorization
from tastypie.exceptions import Unauthorized

class MyAuthorization(Authorization)

    def delete_detail(self, object_list, bundle):
        """
        Returns True or false based on authorized after applying
        your logic. You can even raise an exception if unauthorized.
        """
        if authorized:
            return True
        else:
             #raise Unauthorized("Sorry, can't delete other user's comments.")
             return False

删除tastypie中的资源

1 个答案: