Abd*_*dul 3 django django-permissions python-3.x django-rest-framework
我已经创建了一个 API,并且正在尝试向我的 API 应用程序中的视图提供权限。我已将用户分配到管理门户中具有权限的组,然后在视图中使用DjangoModelPermissions,以便权限根据不起作用的管理门户运行。当我使用IsAdminUser时,它的工作方式是阻止其他用户读取视图。但对于DjangoModelPermissions来说它不起作用。
简单来说,我想阻止少数用户访问视图,即使在分配权限并在权限玻璃中传递此值DjangoModelPermissions后,用户仍然能够访问该视图。
我的管理组中的用户和组分配给具有所有权限的开发人员组的一名超级用户。分配给语言组的一名测试用户只能访问语言视图。
型号代码
```Python
from django.db import models
class Paradigm(models.Model):
name = models.CharField(max_length=50)
def __str__(self):
return self.name
# Create your models here.
class Language(models.Model):
name = models.CharField(max_length=50)
paradigm = models.ForeignKey(Paradigm,on_delete=models.CASCADE)
# this method will help us to get the actual Name insted of object name
def __str__(self):
return self.name
class Programmer(models.Model):
name = models.CharField(max_length=50)
languages = models.ManyToManyField(Language)
def __str__(self):
return self.name
查看代码
from django.shortcuts import render
from rest_framework import viewsets, permissions
from .models import Language, Programmer, Paradigm
from .serializers import LanguageSerializer, ParadigmSerializer, ProgrammerSerializer
from rest_framework.permissions import BasePermission, IsAdminUser, DjangoModelPermissions
# Create your views here.
class LanguageView(viewsets.ModelViewSet):
queryset = Language.objects.all()
serializer_class = LanguageSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ProgrammerView(viewsets.ModelViewSet):
queryset = Programmer.objects.all()
serializer_class = ProgrammerSerializer
#This Below line is working only for Admin user
permission_classes = [IsAdminUser]
请帮助我,因为我是 Django 新手。谢谢。
小智 12
创建permissions.py文件如下:
from rest_framework.permissions import DjangoModelPermissions
class D7896DjangoModelPermissions(DjangoModelPermissions):
perms_map = {
'GET':['%(app_label)s.view_%(model_name)s'],
'OPTIONS': [],
'HEAD': [],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
扩展默认的 DjangoModelPermissions,并添加此 perms_map,将views.py 更新为:
from .permissions import D7896DjangoModelPermissions
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
permission_classes = [D7896DjangoModelPermissions]
这对我有用:)
| 归档时间: |
|
| 查看次数: |
1151 次 |
| 最近记录: |