我正在使用DRF编写API.我想为我的Modelviewsets中的每个视图赋予不同的权限.我有两个小组(客户和员工).我在permissions.py中将它们过滤为Isstaff和Iscustomer .
class Iscustomer(permissions.BasePermission):
def has_permission(self, request, view):
if request.user and request.user.groups.filter(name='customers'):
return True
return False
class Isstaff(permissions.BasePermission):
def has_permission(self, request, view):
if request.user and request.user.groups.filter(name='staff'):
return True
return False
我试图覆盖使用get_permissions方法.当我放入一个组时self.permission_classes,它工作正常.
class cityviewset(viewsets.ModelViewSet):
queryset = city.objects.all()
serializer_class = citySerializer
def get_permissions(self):
if self.request.method == 'POST' or self.request.method == 'DELETE':
self.permission_classes = [Isstaff]
return super(cityviewset, self).get_permissions()
但是,当我尝试将多个组放入时self.permission_classes,它会失败.
def get_permissions(self):
if self.request.method == 'POST' or self.request.method == 'DELETE':
self.permission_classes = [Isstaff,Iscustomer,]
return super(cityviewset, self).get_permissions()
django permissions django-permissions django-rest-framework role-based-access-control