我的应用程序中有以下模型
class Employee(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE, primary_key=True)
employee_name = models.CharField(max_length=500, default=0)
employee_email = models.EmailField(max_length=500, default=0)
employee_phone = models.CharField(max_length=500, default=0)
employee_city = models.CharField(max_length=500, default=0)
employee_role = models.CharField(max_length=100, default='View')
class GroupModels(models.Model):
model_coices = (('Product', 'Product'), ('Kit', 'Kit'), ('Vendor', 'Vendor'), ('Warehouse', 'Warehouse')
, ('Flow', 'Flow'), ('ReceiverClient', 'ReceiverClient'))
models = models.CharField(max_length=500, default=0, choices=model_coices)
class Group(models.Model):
name = models.CharField(max_length=500, default=0)
emp = models.ForeignKey(Employee, on_delete=models.CASCADE)
models = models.ManyToManyField(GroupModels)
这是尝试为每个 Employee 创建自定义权限以执行某些操作
现在我有以下视图来创建 Product
class ProductCreateAPIView(CreateAPIView):
permission_classes = (permissions.IsAuthenticated,)
serializer_class = ProductSerializer
def post(self, request, *args, **kwargs):
owner = request.user.pk
d = request.data.copy()
d['owner'] = owner
serializer = ProductSerializer(data=d)
if serializer.is_valid():
serializer.save()
print("Serializer data", serializer.data)
o = Product.objects.get(id=serializer.data['id'])
ow = User.objects.get(id=owner)
Inventory.objects.create(product=o, quantity=0, owner=ow)
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
我如何创建一个装饰器来只允许那些在 Product 模型中有 Group 的员工访问这个函数?