在下面的代码中,我想添加一些权限,但不能完全正常工作。当我将权限更改为可以正常工作的“ IsAdmin”权限并在需要获取TeacherPostStatistic时响应“拒绝访问”时。但是我不知道为什么我需要的此权限不起作用?谢谢。
view.py:
class TeacherPostStatistic(generics.RetrieveAPIView):
permission_classes = (ClassCoTeacherPermission, ClassOwnerPermission)
def get_klass(self):
class_id = self.kwargs['class_id']
return Class.objects.get(id=class_id)
def get(self, request, *arg, **kwargs):
klass = self.get_klass()
response = Post.post_count_last7days(klass)
return JsonResponse(response, safe=False)
urls.py:
url(r'^teacher/(?P<class_id>[0-9]+)/post-statistic/$', views.TeacherPostStatistic.as_view()),
models.py:
class Post(models.Model):
title = models.CharField(
_("Post title"),
max_length=100,
blank=True,
default="",
)
description = models.CharField(
_("Post description"),
max_length=1500,
blank=True,
)
type = models.CharField(
_("Post type"),
max_length=1,
choices=TYPE_CHOICES,
)
create_date = models.DateTimeField(default=timezone.now)
emoji_count = JSONField(default=get_empty_dic)
like_count = models.IntegerField(default=0)
writer = models.ForeignKey(
User,
related_name='written_posts',
related_query_name='written_post',
null=True,
on_delete=models.SET_NULL
)
klass = models.ForeignKey(
'klass.Class',
related_name='posts',
related_query_name='published_post',
on_delete=models.CASCADE
)
users = models.ManyToManyField(
User,
through='PostUserActivity',
related_name="posts",
blank=True,
)
files = models.ManyToManyField(File)
@classmethod
def post_count_last7days(cls, klass):
post_per_day_chart = {}
for past_day in range(0, 7):
count_post_in_past_day = cls.objects.filter(klass__exact=klass, create_date__date=date.today()-timedelta(days=past_day)).count()
post_per_day_chart[past_day] = count_post_in_past_day
print(post_per_day_chart)
return post_per_day_chart
permission.py:
class ClassCoTeacherPermission(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
print(obj,view)
return self.has_perm(user=request.user, klass=obj)
@classmethod
def has_perm(cls, user, klass):
co_teacher = ClassCoTeacherMembership.objects.filter(klass=klass, co_teacher=user)
if not co_teacher.exists():
raise exc.UserIsNotCoTeacherOfTheClass
return True
class ClassOwnerPermission(permissions.BasePermission):
"""
Object-level permission to only allow owners of an object to edit it.
Assumes the model instance has an `owner` attribute.
"""
@classmethod
def has_perm(cls, user, klass):
return klass.owner == user
def has_object_permission(self, request, view, obj):
print(obj,view)
return self.has_perm(request.user, obj)e
该clint要求ClassRoom的Statistic没有权限访问view.py中的“ TeacherPostStatistic”,但django对此表示没有任何访问被拒绝。
第二个问题是什么print(obj,view)不起作用?终端中什么也没有出现。但是当此权限在其他视图(程序员自己编写)中调用时,此命令可以正常工作。
django / python中的im noob,所以请向我解释,尤其是我对“ obj”发表评论的部分。如果您知道一些简单易懂的互联网资源(文档,视频等),请告诉我。