Django rest 允许获取但不允许列出

Question

我想允许get 将单个对象检索给来宾用户。但是保留list，它只为管理员检索数据库中该模型的所有项目。但我不确定如何区分get 和list，因为从我的角度来看，它们似乎都在get 之下。

以下是我的视图集：

class OrdersViewSet(viewsets.ModelViewSet):
    permission_classes = [IsAuthenticated|ReadOnly]
    serializer_class = OrderSerializer
    queryset = Order.objects.all()
    # parser_classes = (MultiPartParser,)
    model = Order
    def update(self, request, *args, **kwargs):
        kwargs['partial'] = True
        return super().update(request, *args, **kwargs)

还有我的只读：

from rest_framework.permissions import BasePermission, IsAuthenticated, SAFE_METHODS
class ReadOnly(BasePermission):
    def has_permission(self, request, view):
        return request.method in SAFE_METHODS

Answer 1

你可以使用get_permission函数和action。

class OrdersViewSet(viewsets.ModelViewSet):
    permission_classes = [IsAuthenticated|ReadOnly]
    serializer_class = OrderSerializer
    queryset = Order.objects.all()
    # parser_classes = (MultiPartParser,)
    model = Order
    def update(self, request, *args, **kwargs):
        kwargs['partial'] = True
        return super().update(request, *args, **kwargs)

    def get_permissions(self):
        if self.action == 'list':
            permission_classes = [IsAdmin]
        elif self.action == 'retrieve':
            permission_classes = [AllowAny]
        else:
            permission_classes = [ReadOnly]
    return [permission() for permission in permission_classes]