我在项目中实现了BasePermission类,但是当我要使用其令牌检索登录的用户时,它会显示You don't have a permission to perform this action
permissions.py
class IsLoggedInOrAdmin(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
return obj.user == request.user or request.user.is_staff
class IsAdminUser(permissions.BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_staff
def has_object_permission(self, request, view, obj):
return request.user and request.user.is_staff
我的视图文件如下所示
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
def get_permissions(self):
permission_classes = []
if self.action == 'create':
permission_classes = [AllowAny]
elif self.action == 'retrieve' or self.action == 'update' or self.action == 'partial_update':
permission_classes = [IsLoggedInOrAdmin]
elif self.action == 'destroy' or self.action == 'list':
permission_classes = [IsAdminUser]
return [permission() for permission in permission_classes]
这是我到目前为止所做的。我创建了一个简单的用户并获得了令牌如果我在邮递员中发送GET请求,则会收到详细信息错误,但它可以与超级用户的令牌(但不是所有者)一起正常工作。我在哪里犯错?有什么帮助吗?预先感谢!
答案 0 :(得分:0)
我注意到DRF Official DOC
仅在以下情况下才调用实例级别的has_object_permission方法 视图级别的has_permission检查已通过 另请注意,为了运行实例级检查, 查看代码应显式调用.check_object_permissions(request, obj)
我认为在这里您需要显式调用check_object_permission而不是在has_permission上进行中继。