允許所有用戶獲取方法的權限，並允許只有在Django休息api的超級用戶post方法

Question

class CategoryViewSet(viewsets.ModelViewSet): 
    """ViewSet for the Category class""" 

    queryset = models.Category.objects.all() 
    serializer_class = serializers.CategorySerializer 
    permission_classes = [permissions.IsAuthenticated] 

如何讓所有用戶的方法和超級用戶的post方法只。

Answer 1

檢查您的功能請求是否是POST或GET。如果是帖子，您可以檢查用戶的憑據以驗證他們是否是超級用戶。

def list(self, request): 
    if request.method == 'POST': 
     if request.user.is_superuser: 
      # let superuser do their thing 
     else: 
      # error! you're not allowed to do this! 
    elif request.method == 'GET': 
     # you're any user who is allowed to do their thing