我正在开发一个用于学习目的的项目,具有以下配置:Python 3.4.4 django == 1.9.1 djangorestframework == 3.3.3 OS(Windows 8.1)
在项目我有一个模型Post我已经创建了permissions.py
from rest_framework import permissions
class IsAuthorOfPost(permissions.BasePermission):
def has_permission(self, request, view):
return True
def has_object_permission(self, request, view, post):
if request.user:
return post.author == request.user
return False
views.py:
from rest_framework import permissions, viewsets
from rest_framework.response import Response
from posts.models import Post
from posts.permissions import IsAuthorOfPost
from posts.serializers import PostSerializer
class PostViewSet(viewsets.ModelViewSet):
queryset = Post.objects.order_by('-created_at')
serializer_class = PostSerializer
def get_permissions(self):
if self.request.method in permissions.SAFE_METHODS:
return (permissions.AllowAny(),)
return (permissions.IsAuthenticated, IsAuthorOfPost(),)
def perform_create(self, serializer): …