当我的服务器是基于cookie的身份验证时,它有以下权限。
class IsAuthenticatedAndStudentOwner(BasePermission):
message = 'You must be a student.'
def has_permission(self, request, view):
return request.user.is_authenticated() and smart_str(request.user.identity) == 'student'
def has_object_permission(self, request, view, obj):
return obj.student.user == request.user
然后,当我使用JWT时,request.user会返回AnonymousUser。
# login(request, user_obj)
payload = jwt_payload_handler(user_obj)
token = jwt_encode_handler(payload)
data['token'] = token
return data
那么,如何在没有会话的情况下编写此permission?