Django rest framework DRF-检查用户权限
我想检查每个方法中用户的权限,因此,在调用到达方法处理程序之前,必须检查权限(DRY)。根据文档Django rest framework DRF-检查用户权限,django-rest-framework,Django Rest Framework,我想检查每个方法中用户的权限,因此,在调用到达方法处理程序之前,必须检查权限(DRY)。根据文档initial使我能够做到这一点,但这是一种好的做法吗 class StorageDetail(APIView): def initial(self, request, *args, **kwargs): if not has_permission(request): return Response(status=status.HTTP_403_FOR
initial
使我能够做到这一点,但这是一种好的做法吗
class StorageDetail(APIView):
def initial(self, request, *args, **kwargs):
if not has_permission(request):
return Response(status=status.HTTP_403_FORBIDDEN)
super(StorageDetail, self).initial(request, *args, **kwargs)
def post(self, request, storage_id):
# ....
def put(self, request, storage_id):
# ...
不,这不是一个好的做法。根据权限级别,最好使用权限类
from rest_framework import permissions
class CustomerAccessPermission(permissions.BasePermission):
message = 'Adding customers not allowed.'
def has_permission(self, request, view):
return True
class ExampleView(APIView):
permission_classes = (IsAuthenticated, CustomerAccessPermission,)