The source code:
class BasePermission(metaclass=BasePermissionMetaclass):
    """
    A base class from which all permission classes should inherit.
    """

    def has_permission(self, request, view):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        return True

    def has_object_permission(self, request, view, obj):
        """
        Return `True` if permission is granted, `False` otherwise.
        """
        return True
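Maybe I was looking in the wrong place: the source code did not tell me much, going one level up did not help either, and the official documentation is hard to follow. Only by repeated trial and error did I find the right answer.
A custom permission class: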
from rest_framework import permissions


class IsLeaderAndOwnerUserPermission(permissions.BasePermission):
    def has_permission(self, request, view):
        # Debug output to show when this method is called.
        print('saaaaaaaaaa')
        # if not request.user.pid:
        #     '''group leader'''
        #     return True
        # else:
        #     return False
        # if request.method in permissions.SAFE_METHODS:
        #     return True
        return False

    def has_object_permission(self, request, view, obj):
        # if request.method in permissions.SAFE_METHODS:
        #     return True
        #
        # Debug output to show when this method is called and with what object.
        print('ooooooooooooo')
        print(request.user.id)
        print(obj, type(obj))
        return True
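My understanding:
1. When accessing the list, only has_permission runs; has_object_permission does not.
2. When accessing an object, has_permission runs first;
   when it returns True, has_object_permission runs next;
   when it returns False, has_object_permission is not run.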
My usage strategy:
I recommend reading the official site; this only records my personal experience. Environment:
Django==3.0.6
djangorestframework==3.11.0
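- When access to the list needs to be restricted, use a filter:

from django.db.models import QuerySet

# Method of the view class; UserInfo is the project's own model.
def get_queryset(self):
    user = self.request.user
    # URL path of the current request (request.stream is None when there is no body).
    path = self.request.path
    # Second-to-last segment: the ID on a detail URL with a trailing slash.
    last_segment = path.split('/')[-2]
    if not last_segment.isdigit():  # no ID in the URL
        if not user.pid:
            # group leader
            return UserInfo.objects.filter(pid=user.id)
        else:
            return UserInfo.objects.filter(userinfo=user)
    else:
        # copied from the framework source
        queryset = self.queryset
        if isinstance(queryset, QuerySet):
            # Ensure queryset is re-evaluated on each request.
            queryset = queryset.all()
        return queryset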
- When accessing an object, permissions can be enforced with a filter or with has_object_permission.
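As an added example (not from the original post and not DRF's own code), here is the leader/owner rule written as an object-level check, with a simplified stand-in for DRF's check order so it runs without Django. The `IsLeaderOrOwner` name, the `dispatch` helper, the sample users and the meaning of `pid` (empty for a group leader, otherwise the leader's id) are assumptions; in a project the class would subclass `permissions.BasePermission`.

```python
from types import SimpleNamespace


class IsLeaderOrOwner:
    """Assumed rule: owners see their own record, leaders see their members."""

    def has_permission(self, request, view):
        # View-level gate: runs for list and detail requests alike.
        return bool(request.user and request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        user = request.user
        if obj.id == user.id:  # a user may always access their own record
            return True
        # Assumed model: pid is empty for a leader, else the leader's id.
        return not user.pid and obj.pid == user.id


def dispatch(permission, request, obj=None):
    """Simplified model of DRF's order: the view-level check first, then the
    object-level check only when a detail route fetches an object."""
    calls = ["has_permission"]
    if not permission.has_permission(request, None):
        return False, calls
    if obj is None:  # list route: the object-level check never runs
        return True, calls
    calls.append("has_object_permission")
    return permission.has_object_permission(request, None, obj), calls


def make_user(id, pid, authenticated=True):
    # Constructed sample users, not data from the original post.
    return SimpleNamespace(id=id, pid=pid, is_authenticated=authenticated)


def as_request(user):
    return SimpleNamespace(user=user, method="GET")


leader = make_user(1, None)
member = make_user(2, 1)      # belongs to leader 1
outsider = make_user(3, 9)    # belongs to a different leader
anonymous = make_user(None, None, authenticated=False)

if __name__ == "__main__":
    rule = IsLeaderOrOwner()
    for who, target in [(leader, member), (member, leader), (leader, outsider)]:
        print(who.id, "->", target.id, dispatch(rule, as_request(who), target))
```

Because the list route never reaches `has_object_permission`, the list still has to be restricted in `get_queryset`, as in the filter above.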