has_object_permission 在 `(object)-detail` URLS 中根本没有被调用
has_object_permission not being called at all in `(object)-detail` URLS
我的问题是 has_object_permission() 被忽略了。即使我以正确的用户登录访问 http://127.0.0.1:8000/portfolios/3/,它仍然默认为 has_permission()。我做错了什么吗?
视图集class:
class PortfolioViewSet(viewsets.ModelViewSet):
queryset = Portfolio.objects.all()
serializer_class = serializers.PortfolioSerializer
permission_classes = (permissions.IsPortfolioOwner, )
权限Class:
class IsPortfolioOwner(permissions.BasePermission):
# Details
def has_object_permission(self, request, view, obj):
print("Checking for object")
ruser = request.user
if ruser is None:
return False
elif ruser == obj.client.user:
return True
def has_permission(self, request, view):
print("Checking for list")
return request.user.is_superuser
为了检查 has_object_permission,has_permission 必须 return True。如果它 returns False,那么权限检查将短路,请求将被拒绝。
您当前的权限 class 将只允许超级用户查看列表。并且在他们是超级用户的情况下无法查看单个对象并且查看当前用户的对象。
我的问题是 has_object_permission() 被忽略了。即使我以正确的用户登录访问 http://127.0.0.1:8000/portfolios/3/,它仍然默认为 has_permission()。我做错了什么吗?
视图集class:
class PortfolioViewSet(viewsets.ModelViewSet):
queryset = Portfolio.objects.all()
serializer_class = serializers.PortfolioSerializer
permission_classes = (permissions.IsPortfolioOwner, )
权限Class:
class IsPortfolioOwner(permissions.BasePermission):
# Details
def has_object_permission(self, request, view, obj):
print("Checking for object")
ruser = request.user
if ruser is None:
return False
elif ruser == obj.client.user:
return True
def has_permission(self, request, view):
print("Checking for list")
return request.user.is_superuser
为了检查 has_object_permission,has_permission 必须 return True。如果它 returns False,那么权限检查将短路,请求将被拒绝。
您当前的权限 class 将只允许超级用户查看列表。并且在他们是超级用户的情况下无法查看单个对象并且查看当前用户的对象。