django drf 权限permission

Posted chenyishi

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了django drf 权限permission相关的知识,希望对你有一定的参考价值。

https://www.django-rest-framework.org/api-guide/permissions/#custom-permissions

 

from django.shortcuts import render

from rest_framework import mixins,viewsets
from .serializers import UserFavSerializer
from .models import UserFav
from rest_framework.permissions import IsAuthenticated
# Create your views here.
from rest_framework import permissions
class IsOwnerOrReadOnly(permissions.BasePermission):
    """
    Object-level permission to only allow owners of an object to edit it.
    Assumes the model instance has an `owner` attribute.
    """

    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we‘ll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Instance must have an attribute named `owner`.
        return obj.user == request.user

class UserFavSetview(mixins.CreateModelMixin,mixins.ListModelMixin,
                     mixins.DestroyModelMixin,viewsets.GenericViewSet):
    permission_classes = (IsAuthenticated,IsOwnerOrReadOnly) #需登陆和需要是拥有者
    serializer_class = UserFavSerializer
    # queryset = UserFav.objects.all()
    def get_queryset(self):
        return UserFav.objects.filter(user=self.request.user)

PS:可以在view中配置authtication_classes,来指明特定的接口需要授权

以上是关于django drf 权限permission的主要内容,如果未能解决你的问题,请参考以下文章

django drf 动态权限配置和动态seriaizer_class配置

Django REST框架 - 如何快速检查用户权限?

单个视图的基于 Django REST 框架组的权限

DRF的权限和频率

DRF 权限 频率

06.drf(django)的权限