【发布时间】:2015-08-18 06:14:24
【问题描述】:
我正在尝试在扩展 viewsets.ModelViewSet 的类上设置自定义权限,但似乎没有评估我的权限。这是我的看法:
from rest_framework import viewsets
from rest_framework.authentication import SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
import models
import serializers
from permissions import IsAdminOrAuthenticatedReadOnly
class KPIViewSet(viewsets.ModelViewSet):
'''
API endpoint that allows KPI metadata to be viewed or edited
'''
authentication_classes = (BasicAuthentication,)
permission_classes = (IsAdminOrAuthenticatedReadOnly,)
queryset = models.KPI.objects.all()
serializer_class = serializers.KPISerializer
这是我的权限类:
from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsAdminOrAuthenticatedReadOnly(BasePermission):
def has_permissions(self, request, view):
if request.method in SAFE_METHODS:
return request.user and request.user.is_authenticated()
return request.user and request.user.is_staff()
我遇到的问题是 IsAdminOrAuthenticatedReadOnly 似乎从未得到评估。我通过强制它始终返回“False”和在视图中将 permission_classes 值切换为“IsAuthenticated”来测试这一点。在前一种情况下,对端点的请求会返回,就好像没有身份验证要求一样。在后者中,身份验证按预期执行。
任何想法我缺少什么?
【问题讨论】:
标签: django django-rest-framework