Question

class CategoryViewSet(viewsets.ModelViewSet):
    """ViewSet for the Category class"""

    queryset = models.Category.objects.all()
    serializer_class = serializers.CategorySerializer
    permission_classes = [permissions.IsAuthenticated]

如何仅为超级用户提供所有用户的get方法和post方法。

Answer 1

检查您的功能请求是否为POST或GET。如果是帖子，您可以检查用户的凭据以验证他们是否是超级用户。

def list(self, request):
    if request.method == 'POST':
        if request.user.is_superuser:
            # let superuser do their thing
        else:
            # error! you're not allowed to do this!
    elif request.method == 'GET':
        # you're any user who is allowed to do their thing

允许所有用户获取get方法的权限，并且仅允许django rest api

1 个答案: