谢谢大家。希望能尽快得到答复。
permission.py
class UpdateRegister(permissions.BasePermission):
""" Allow user to edit their own profile. """
def has_object_permissions(self, request, view, obj):
""" Check user is trying to edit their own profile. """
if request.method in permissions.SAFE_METHODS:
return True
return obj.id == request.user.id
class PostOwnStatus(permissions.BasePermission):
""" Allow user to update their own status. """
def has_object_permissions(self, request, view, obj):
""" Check user is trying to update their own status. """
if request.method in permissions.SAFE_METHODS:
return True
return obj.user_profile.id == request.user.id
这是permission.py文件,允许用户编辑或更新其个人资料和状态。
** view.py *
class UserViewSet(viewsets.ModelViewSet):
""" API endpoint that allows users to be viewed or edited. """
serializer_class = UserSerializer
queryset = UserRegister.objects.all()
authentication_classes = (TokenAuthentication,)
permission_classes = (permissions.UpdateRegister,)
class ProfileFeedViewSet(viewsets.ModelViewSet):
""" Handles creating reading and updating profile feed. """
serializer_class = ProfileFeedSerializer
queryset = ProfileFeed.objects.all()
authentication_classes = (TokenAuthentication,)
permission_classes = (permissions.PostOwnStatus, IsAuthenticatedOrReadOnly)
def perform_create(self, serializer):
"""Sets the user profile to the logged in user."""
serializer.save(user_profile=self.request.user)
这是view.py文件。在这里,我有用户视图集和个人资料供稿视图集
serializer.py
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = UserRegister
fields = ('id', 'name', 'email', 'password')
extra_kwargs = {'password': {'write_only': True}}
def create(self, validated_data):
""" Create and return a new user"""
user = UserRegister(
email=validated_data['email'],
name=validated_data['name'],
)
user.set_password(validated_data['password'])
user.save()
return user
class ProfileFeedSerializer(serializers.ModelSerializer):
""" Serialzer for profile feed. """
class Meta:
model = ProfileFeed
fields = ('id', 'user_profile', 'post', 'created_on')
extra_kwargs = {'user_profile': {'read_only':True}}
答案 0 :(得分:0)
您的权限类方法在匹配用户之前返回True。尝试将条件更改为此:
if request.method in permissions.SAFE_METHODS and obj.id == request.user.id:
return True
答案 1 :(得分:0)
就我而言,您不需要为此添加自定义权限类。
您可以从您的ViewSets删除 ReferenceMap.prototype.showPoint = function showPoint(point, map) {
var location = point.get('location')
, marker = new google.maps.Marker({
store_id: point.get('internalid')
, icon: iconSrc
, map: map
, point: point
, title: point.get('internalid')
});
allMarker.push(marker);
marker.setPosition(new google.maps.LatLng(location.latitude, location.longitude));
marker.setVisible(true);
marker.addListener('mouseover', _.bind(function () {
this.showInfoWindowOnClick(marker, map);
}, this));
marker.addListener('mouseout', _.bind(function () {
hideShowInfoWindow();
}, this));
marker.addListener('click', _.bind(function (e) {
// var markerTitle = marker.title;
// var markerID = marker.store_id;
// var target = markerTitle == markerID;
// if(target == e.target) {
// $('.marker img').css('width',200);
// dealerDetailsLeftBlock();
// }
// else {
// $('.marker img').removeAttr('style');
// }
console.log(e.target);
areaMarkers.reset();
for (var i = 0; i < allMarker.length; i++) {
allMarker[i
].isClicked = 'F';
allMarker[i
].point.set('isClicked', 'F');
marker.set('isClicked', 'T');
if (map.getBounds().contains(allMarker[i
].getPosition())) {
//console.log(allMarker[i]);
if (allMarker[i
].isClicked == 'T') {
$('[title="' + marker.title + '"
]').addClass('marker - design');
console.log($('[title="' + marker.title + '"
]'))
// console.log(allMarker[i]);
allMarker[i
].point.set('isClicked', 'T');
}
areaMarkers.add(allMarker[i
].point);
}
};
//console.log(areaMarkers);
dealerDetailsLeftBlock();
this.trigger('getSideBar')
}, this));
if (this.markerCluster) {
this.markerCluster.addMarker(marker);
}
return marker;
};
。相反,覆盖permission_classes,并有条件地在viewsets定义权限:
get_permissions()您可能希望根据需要编写这些条件。