0
我想設置一個擴展viewsets.ModelViewSet類的自定義權限,它似乎我的權限沒有被評估。這是我的觀點:Django的REST框架 - 自定義權限不評估
from rest_framework import viewsets
from rest_framework.authentication import SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
import models
import serializers
from permissions import IsAdminOrAuthenticatedReadOnly
class KPIViewSet(viewsets.ModelViewSet):
'''
API endpoint that allows KPI metadata to be viewed or edited
'''
authentication_classes = (BasicAuthentication,)
permission_classes = (IsAdminOrAuthenticatedReadOnly,)
queryset = models.KPI.objects.all()
serializer_class = serializers.KPISerializer
這裏是我的允許類:
from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsAdminOrAuthenticatedReadOnly(BasePermission):
def has_permissions(self, request, view):
if request.method in SAFE_METHODS:
return request.user and request.user.is_authenticated()
return request.user and request.user.is_staff()
我遇到的問題是,IsAdminOrAuthenticatedReadOnly似乎從來沒有得到評估。我通過強制它總是返回「False」並通過在視圖中將permission_classes值切換爲「IsAuthenticated」來測試它。在前一種情況下,對端點的請求返回,就好像沒有認證要求一樣。在以後,認證按預期執行。
任何想法我失蹤?
ugh。你是對的,謝謝 –