在我尝试解决问题时,我试图强制我的自定义权限类返回False,而不是。我仍然可以通过下面的DateListViewSet类执行成功的GET和POST请求。我无法弄清楚为什么我的自定义权限类(IsUser)不能正常工作以下是我的自定义权限类,视图类和序列化程序。请协助
自定义权限类
class IsUser(permissions.BasePermission):
def has_permissions(self, request, view):
return False
Mixin和View Class
class DateListMixin(object):
serializer_class = SimpleDateSerializer
permission_classes = (permissions.IsAuthenticated, IsUser)
class DateListViewSet(DateListMixin, generics.BulkModelViewSet):
def get_queryset(self):
num = self.kwargs['rm']
num2 = self.kwargs['id']
r1 = Room.objects.get(pk=num)
s1 = Schedule.objects.get(pk=num2)
u = self.request.user.pk
usr = User.objects.get(pk=u)
if(s1.user.username == usr.username):
queryset = r1.transactiondatetime_set.all()
return queryset
else: raise Http404("User does not exist")
Serializer class
class SimpleDateSerializer(BulkSerializerMixin, ModelSerializer, serializers.Serializer):
start_dt = serializers.DateTimeField(format="%Y-%m-%d %H:%M:%S")
class Meta(object):
model = TransactionDateTime
list_serializer_class = BulkListSerializer
fields = ('pk', 'start_dt', 'room')
答案 0 :(得分:-2)
我弄清楚了。我应该有输入权限而不是权限