【发布时间】:2020-02-01 11:44:30
【问题描述】:
我在项目中实现了BasePermission 类,但是当我要用他的令牌检索登录用户时,它显示You don't have a permission to perform this action
permissions.py
class IsLoggedInOrAdmin(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
return obj.user == request.user or request.user.is_staff
class IsAdminUser(permissions.BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_staff
def has_object_permission(self, request, view, obj):
return request.user and request.user.is_staff
我的视图文件看起来像这样
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
def get_permissions(self):
permission_classes = []
if self.action == 'create':
permission_classes = [AllowAny]
elif self.action == 'retrieve' or self.action == 'update' or self.action == 'partial_update':
permission_classes = [IsLoggedInOrAdmin]
elif self.action == 'destroy' or self.action == 'list':
permission_classes = [IsAdminUser]
return [permission() for permission in permission_classes]
这是我到目前为止所做的。我创建了简单的用户并获取了令牌如果我在 Postman 中发送 GET 请求,我会收到一个详细错误,但它适用于超级用户的令牌,但不适用于所有者。我在哪里犯错?请问有什么帮助吗?提前致谢!
【问题讨论】:
标签: django python-3.x django-rest-framework