未显示 Django Rest Framework 自定义权限的消息

Question

未显示 Django Rest Framework 自定义权限的消息

J. *_*ers 2 django permissions django-permissions django-rest-framework django-2.1

我正在使用 Django Rest Framework 编写应用程序。

我创建了一个自定义权限。我为message自定义权限提供了一个属性，但仍然返回默认详细信息。

让我给你我的代码。

permissions.py：

from annoying.functions import get_object_or_None
from rest_framework import permissions

from intquestions.models import IntQuestion

from ..models import Candidate, CandidatePickedIntChoice

CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."


class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
    """
    Permission to check if the candidate has answered all questions.
    Expects candidate's email or UUID in the request's body.
    """
    message = CANDIDATE_ALREADY_ANSWERED

    def has_permission(self, request, view):
        candidate = None
        email = request.data.get("email", None)
        if email:
            candidate = get_object_or_None(Candidate, email=email)
        else:
            uuid = request.data.get("candidate", None)
            if uuid:
                candidate = get_object_or_None(Candidate, uuid=uuid)

        if candidate:
            picked_choices = CandidatePickedIntChoice.objects.filter(
                candidate=candidate
            ).count()
            total_int_questions = IntQuestion.objects.count()

            if picked_choices >= total_int_questions:
                return False

        return True

Run Code Online (Sandbox Code Playgroud)

views.py：

from annoying.functions import get_object_or_None
from rest_framework import generics, status
from rest_framework.response import Response

from ..models import Candidate, CandidatePickedIntChoice
from .permissions import CandidateAnsweredQuestionsPermission
from .serializers import CandidateSerializer


class CandidateCreateAPIView(generics.CreateAPIView):
    serializer_class = CandidateSerializer
    queryset = Candidate.objects.all()
    permission_classes = (CandidateAnsweredQuestionsPermission,)

    def create(self, request, *args, **kwargs):
        candidate = get_object_or_None(Candidate, email=request.data.get("email", None))
        if not candidate:
            serializer = self.get_serializer(data=request.data)
            serializer.is_valid(raise_exception=True)
            self.perform_create(serializer)
            headers = self.get_success_headers(serializer.data)
            return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
        else:
            serializer = self.get_serializer(candidate, data=request.data)
            serializer.is_valid(raise_exception=True)
            return Response(serializer.data, status=status.HTTP_200_OK)

Run Code Online (Sandbox Code Playgroud)

注意：我正在构建的应用程序可以让候选人回答问题。我这样覆盖create函数的原因是，还没有完成所有问题的候选人仍然可以回答所有问题。

为什么权限消息是默认的"Authentication credentials were not provided."而不是我自己的？

Answer 1

JPG*_*JPG 5

该消息Authentication credentials were not provided.表明，您没有获得凭据。它不同于凭证错误消息

接下来的事情是，没有属性message的BasePermission类，所以它不会用你message，除非你强制属性。(源代码)

如何显示自定义PermissionDenied消息？从方法 ove viewset引发
的PermissionDenied异常permission_denied()，（源代码）
所以你的视图应该是这样的，

from rest_framework import exceptions


class CandidateCreateAPIView(generics.CreateAPIView):
    # your code
    def permission_denied(self, request, message=None):
        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated()
        raise exceptions.PermissionDenied(detail=CANDIDATE_ALREADY_ANSWERED)

Run Code Online (Sandbox Code Playgroud)

哇，这太奇怪了。首先，[在文档中](https://www.django-rest-framework.org/api-guide/permissions/#custom-permissions) 就在示例上方，它说 `message` 将提供自定义消息。其次，我在我的设置中使用 `AllowAny` 作为我的默认权限。那么为什么它会要求提供身份验证凭据呢？我提供的唯一其他权限是我的自定义权限。 (2认同)

归档时间：	7 年，1 月前
查看次数：	1255 次
最近记录：	5 年前