我正在开展一个项目,我必须检查用户是否属于公司。我已经在登录用户时进行了检查。 我如何在has_permission()方法中使用公司ID?
class IsCompanyEmployee(permissions.BasePermission):
message = 'You are unauthorized to perform any action on this company.'
def has_permission(self, request, view):
if request.user.is_authenticated():
if request.user.is_superuser:
return True
else:
#company_id = request.COOKIES["company_id"]
#or
#company_id = request.session["company_id"]
return request.user.companyemployee_set.filter(company__id=company_id).exists()
else:
return False
答案 0 :(得分:0)
class IsCompanyEmployee(permissions.BasePermission):
message = 'You are unauthorized to perform any action on this company.'
def has_permission(self, request, view):
if request.user.is_authenticated():
if request.user.is_superuser:
return True
else:
if 'company_id' in request.session:
company_id = request.session.get('company_id')
return request.user.companyemployee_set.filter(company__id=company_id).exists()
else:
return False
else:
return False