我正在写博客,我正在尝试使用drf设置自定义权限。预定义的有效,而自定义的无效。我在控制台中显示了返回给我的内容,请求中的用户是匿名的。
permissions.py
from rest_framework import permissions
class IsOwner(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if obj.author == request.user:
#print(f'Author:{obj.author}, request: {request.user}')
return True
else:
return False
views.py
from rest_framework.views import APIView
from rest_framework import generics
from rest_framework.renderers import TemplateHTMLRenderer
from rest_framework.response import Response
from rest_framework import permissions
from rest_framework.authentication import TokenAuthentication
from posts import serializers
from posts import models
from posts import permissions as custom_permissions
from django.http import Http404
class PostListView(APIView):
renderer_classes = [TemplateHTMLRenderer]
template_name = 'posts/post-list.html'
authentication_classes = [TokenAuthentication]
def get(self, request, format=None):
posts = models.Post.objects.all().order_by('-id')
return Response({'posts': posts})
class PostDetailView(APIView):
renderer_classes = [TemplateHTMLRenderer]
template_name = 'posts/post-detail.html'
authentication_classes = [TokenAuthentication]
permission_classes = [custom_permissions.IsOwner]
def get_object(self, pk):
obj = models.Post.objects.get(pk=pk)
print(f'obj_auhor: {obj.author}')
self.check_object_permissions(self.request, obj)
return obj
def get(self, request, pk, format=None):
post = self.get_object(pk)
print(f'Post detail {post}')
return Response({'post': post})