Fatal编程技术网
  • django-rest-framework/
  • Django rest framework DRF如何在基于函数的视图上使用DjangoModelPermissions?

Django rest framework DRF如何在基于函数的视图上使用DjangoModelPermissions?

django-rest-framework

Django rest framework DRF如何在基于函数的视图上使用DjangoModelPermissions?,django-rest-framework,Django Rest Framework,我使用视图函数来分隔,而不是使用viewset/queryset。问题是,如何根据用户组权限限制查看功能的权限 示例代码: @api_view(['GET', 'POST']) @permission_classes([DjangoModelPermissions]) def some_list(request): """ List all something, or create a new something. """ {...code here...} 错

我使用视图函数来分隔,而不是使用viewset/queryset。问题是,如何根据用户组权限限制查看功能的权限

示例代码:

@api_view(['GET', 'POST'])
@permission_classes([DjangoModelPermissions])
def some_list(request):
    """
    List all something, or create a new something.
    """
    {...code here...}
错误:

Cannot apply DjangoModelPermissions on a view that does not set .queryset or have a .get_queryset() method.
最后,我创建了自己的自定义
DjangoModelPermissions
,而没有选中queryset以获取模型,而是为每个特定模型创建了多个子类

from rest_framework import permissions
from django.apps import apps

class BaseCustomModelPermissions(permissions.BasePermission):

    model_cls = None

    perms_map = {
        'GET': [],
        'OPTIONS': [],
        'HEAD': [],
        'POST': ['%(app_label)s.add_%(model_name)s'],
        'PUT': ['%(app_label)s.change_%(model_name)s'],
        'PATCH': ['%(app_label)s.change_%(model_name)s'],
        'DELETE': ['%(app_label)s.delete_%(model_name)s'],
    }

    authenticated_users_only = True

    def get_required_permissions(self, method):
        """
        Given a model and an HTTP method, return the list of permission
        codes that the user is required to have.
        """
        kwargs = {
            'app_label': self.model_cls._meta.app_label,
            'model_name': self.model_cls._meta.model_name
        }

        if method not in self.perms_map:
            raise exceptions.MethodNotAllowed(method)

        return [perm % kwargs for perm in self.perms_map[method]]

    def has_permission(self, request, view):
        # Workaround to ensure DjangoModelPermissions are not applied
        # to the root view when using DefaultRouter.
        if getattr(view, '_ignore_model_permissions', False):
            return True

        if not request.user or (
           not request.user.is_authenticated and self.authenticated_users_only):
            return False

        perms = self.get_required_permissions(request.method)

        return request.user.has_perms(perms)
示例子类:

class SomeModelPermissions(BaseCustomModelPermissions):
    model_cls = apps.get_model('my_app', 'its_Model')