Django REST Framework - 自定义权限不评估
Django REST Framework - Custom Permissions not Evaluating
我正在尝试对扩展 viewsets.ModelViewSet 的 class 设置自定义权限,但我的权限似乎没有被评估。这是我的观点:
from rest_framework import viewsets
from rest_framework.authentication import SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
import models
import serializers
from permissions import IsAdminOrAuthenticatedReadOnly
class KPIViewSet(viewsets.ModelViewSet):
'''
API endpoint that allows KPI metadata to be viewed or edited
'''
authentication_classes = (BasicAuthentication,)
permission_classes = (IsAdminOrAuthenticatedReadOnly,)
queryset = models.KPI.objects.all()
serializer_class = serializers.KPISerializer
这是我的许可 class:
from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsAdminOrAuthenticatedReadOnly(BasePermission):
def has_permissions(self, request, view):
if request.method in SAFE_METHODS:
return request.user and request.user.is_authenticated()
return request.user and request.user.is_staff()
我 运行 遇到的问题是 IsAdminOrAuthenticatedReadOnly 似乎从未得到评估。我通过强制它始终 return "False" 和在视图中将 permission_classes 值切换为 "IsAuthenticated" 来测试它。在前一种情况下,对端点 return 的请求就像没有身份验证要求一样。稍后,将按预期强制执行身份验证。
知道我遗漏了什么吗?
方法名是has_permission不是has_permissions(没有s);)
我正在尝试对扩展 viewsets.ModelViewSet 的 class 设置自定义权限,但我的权限似乎没有被评估。这是我的观点:
from rest_framework import viewsets
from rest_framework.authentication import SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
import models
import serializers
from permissions import IsAdminOrAuthenticatedReadOnly
class KPIViewSet(viewsets.ModelViewSet):
'''
API endpoint that allows KPI metadata to be viewed or edited
'''
authentication_classes = (BasicAuthentication,)
permission_classes = (IsAdminOrAuthenticatedReadOnly,)
queryset = models.KPI.objects.all()
serializer_class = serializers.KPISerializer
这是我的许可 class:
from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsAdminOrAuthenticatedReadOnly(BasePermission):
def has_permissions(self, request, view):
if request.method in SAFE_METHODS:
return request.user and request.user.is_authenticated()
return request.user and request.user.is_staff()
我 运行 遇到的问题是 IsAdminOrAuthenticatedReadOnly 似乎从未得到评估。我通过强制它始终 return "False" 和在视图中将 permission_classes 值切换为 "IsAuthenticated" 来测试它。在前一种情况下,对端点 return 的请求就像没有身份验证要求一样。稍后,将按预期强制执行身份验证。
知道我遗漏了什么吗?
方法名是has_permission不是has_permissions(没有s);)