DRF 权限的流程
django rest framework,入口是 dispatch,然后依次
--->>封装请求--->>处理版本--->>>认证--->>>权限--->>>限制访问频率
(1)auth需要通过token唯一标识来认证
(2)通过auth认证后得到,用户user信息,但是没有admin的权限
权限用来做进一步做职责的划分
代码
class MyPermission(object):
message = \'无权访问\'
def has_permission(self,request,view):
if request.user == \'userAdmin\':
return True
return False
class GoodsListView(APIView):
#
# 先 登录认证 authentication_classes = [Myauthentication,]
# 不同等级的权限 依次 验证 permission_classes = [userPermission,adminPermission]
permission_classes = [MyPermission,]
def get(self,request,*args,**kwargs):
goods = Goods.objects.all()
goods_serializer = GoodsSerializer(goods,many=True)
return Response(goods_serializer.data)
# 权限的错误提示信息
def permission_denied(self, request, message=None):
"""
If request is not permitted, determine what kind of exception to raise.
"""
if request.authenticators and not request.successful_authenticator:
raise exceptions.NotAuthenticated(detail=\'自定义信息\')
raise exceptions.PermissionDenied(detail=message)