我设置了一个自定义权限,该权限仅允许广告创建者删除或编辑它,尽管该权限无效,而且删除了另一个用户广告,这里出了什么问题?
views.py:
train[[c for ...]]permissions.py:
from rest_framework import permissions,generics
from rest_framework.views import APIView
from rest_framework.permissions import IsAuthenticated
from .permissions import IsOwnerOrReadOnly
from advertise.serializers import AdSerializer
class AdListGeneric(generics.ListCreateAPIView):
permission_classes([permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly],)
queryset=Advertise.objects.all()
serializer_class=AdSerializer
# @permission_classes([permissions.IsAuthenticatedOrReadOnly],[IsOwnerOrReadOnly])
class AdDetailgeneric(generics.RetrieveUpdateDestroyAPIView):
permission_classes([permissions.IsAuthenticatedOrReadOnly,IsOwnerOrReadOnly],)
queryset=Advertise.objects.all()
serializer_class=AdSerializer
,,,
,
答案 0 :(得分:0)
permission_classes必须是class属性,并且必须是可迭代的(例如元组或列表)。请参见get_permissions中ListCreateAPIView方法中的how it is used:
def get_permissions(self):
"""
Instantiates and returns the list of permissions that this view requires.
"""
return [permission() for permission in self.permission_classes]
因此,您的视图应如下所示:
class AdListGeneric(generics.ListCreateAPIView):
permission_classes = [permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly]
...