Django Rest框架中的自定义权限_Django_Django Rest Framework_Permissions

Django Rest框架中的自定义权限

django django-rest-framework permissions

Django Rest框架中的自定义权限,django,django-rest-framework,permissions,Django,Django Rest Framework,Permissions,我有这个get视图，我想检查IsOwner权限权限类 class IsOwnerVendor(permissions.BasePermission): def has_object_permission(self, request, view, obj): print(f"Vendor Email:{obj.vendor_id.email}") print(f"Loggon user:{obj.vendor_id.email}" ) return obj.vendor

我有这个get视图，我想检查IsOwner权限

权限类

class IsOwnerVendor(permissions.BasePermission):

def has_object_permission(self, request, view, obj):
    print(f"Vendor Email:{obj.vendor_id.email}")
    print(f"Loggon user:{obj.vendor_id.email}" )
    return obj.vendor_id.email == request.user

这是我的对象模型

class Menu(models.Model):
    name = models.CharField(max_length=100)
    description = models.CharField(max_length=500)
    price = models.FloatField()
    quantity = models.IntegerField(default=1)
    menu_cat = models.CharField(choices=MENU_CAT, max_length=5)
    date_created = models.DateTimeField(auto_now_add=True)
    last_edited = models.DateTimeField(auto_now=True)
    vendor_id = models.ForeignKey(Vendor, on_delete=models.CASCADE)
    is_recurring = models.BooleanField(default=False)
    recurring_freq = models.IntegerField(default=1)

供应商模型

class Vendor(models.Model):
    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, blank=True, null=True)
    business_name = models.CharField(max_length=100)
    email = models.EmailField()
    phone_number = PhoneField(help_text='Vendor phone number')
    registered_on = models.DateTimeField(auto_now_add=True)
    last_updated = models.DateTimeField(auto_now=True)

    def __str__(self):
        return self.business_name

这就是我的观点

class MenuDetailView(generics.GenericAPIView):
    permission_classes = [IsOwnerVendor | IsOwnerVendor]

    def get_serializer_class(self):
        if self.request.method == 'PUT':
            return MenuUpdateSerializer
        elif self.request.method == 'GET':
            return MenuListSerializer
        else:
            return MenuListSerializer

    def get_object(self, pk):
        try:
            obj = Menu.objects.get(pk=pk, )
            self.check_object_permissions(self.request, obj)
            return obj
        except Menu.DoesNotExist:
            raise Http404

    @method_permission_classes((IsOwnerVendor,))
    def get(self, request, pk, format=None):
        my_menu = self.get_object(pk=pk)
        menu_serializer = MenuListSerializer(my_menu)
        return Response(menu_serializer.data, status=status.HTTP_200_OK)

当我尝试访问视图时，总是会出现下面的错误

{
    "detail": "You do not have permission to perform this action."
}

我已经阅读了DRF文件，但仍然无法确定我的问题所在

我还在控制台上打印了权限检查，并看到它应该返回true。

要点是您应该让has\u object\u permission方法返回True，您可以尝试：

返回obj.vendor\u id.email==request.user.email

或

返回obj.vendor\u id.user==request.user

，如果这仍然不起作用，您可以打印日志或设置断点以查看此方法返回False的原因。记得在下次测试之前重新启动本地服务器。

请发布模型供应商详细信息。尝试

返回obj.vendor\u id.email==request.user.email

？@Ykh，我已编辑以添加供应商模型。我也厌倦了你的方法。我仍然得到相同的结果。尝试返回obj.vendor\u id.user==request.user@Ykh，我刚刚使用return obj.vendor\u id.email==request.user.email进行了重试，现在它开始工作了。我会打赌我试过了。我花了几个小时试图找出确切的问题。谢谢你，伙计。尊敬你能回答我的问题吗？所以我接受？