Django rest framework DRF如何在基于函数的视图上使用DjangoModelPermissions?
我使用视图函数来分隔,而不是使用viewset/queryset。问题是,如何根据用户组权限限制查看功能的权限 示例代码:Django rest framework DRF如何在基于函数的视图上使用DjangoModelPermissions?,django-rest-framework,Django Rest Framework,我使用视图函数来分隔,而不是使用viewset/queryset。问题是,如何根据用户组权限限制查看功能的权限 示例代码: @api_view(['GET', 'POST']) @permission_classes([DjangoModelPermissions]) def some_list(request): """ List all something, or create a new something. """ {...code here...} 错
@api_view(['GET', 'POST'])
@permission_classes([DjangoModelPermissions])
def some_list(request):
"""
List all something, or create a new something.
"""
{...code here...}
错误:
Cannot apply DjangoModelPermissions on a view that does not set .queryset or have a .get_queryset() method.
最后,我创建了自己的自定义
DjangoModelPermissions
,而没有选中queryset以获取模型,而是为每个特定模型创建了多个子类
from rest_framework import permissions
from django.apps import apps
class BaseCustomModelPermissions(permissions.BasePermission):
model_cls = None
perms_map = {
'GET': [],
'OPTIONS': [],
'HEAD': [],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
authenticated_users_only = True
def get_required_permissions(self, method):
"""
Given a model and an HTTP method, return the list of permission
codes that the user is required to have.
"""
kwargs = {
'app_label': self.model_cls._meta.app_label,
'model_name': self.model_cls._meta.model_name
}
if method not in self.perms_map:
raise exceptions.MethodNotAllowed(method)
return [perm % kwargs for perm in self.perms_map[method]]
def has_permission(self, request, view):
# Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter.
if getattr(view, '_ignore_model_permissions', False):
return True
if not request.user or (
not request.user.is_authenticated and self.authenticated_users_only):
return False
perms = self.get_required_permissions(request.method)
return request.user.has_perms(perms)
示例子类:
class SomeModelPermissions(BaseCustomModelPermissions):
model_cls = apps.get_model('my_app', 'its_Model')