Django Rest框架中的自定义权限
我有这个get视图,我想检查IsOwner权限 权限类Django Rest框架中的自定义权限,django,django-rest-framework,permissions,Django,Django Rest Framework,Permissions,我有这个get视图,我想检查IsOwner权限 权限类 class IsOwnerVendor(permissions.BasePermission): def has_object_permission(self, request, view, obj): print(f"Vendor Email:{obj.vendor_id.email}") print(f"Loggon user:{obj.vendor_id.email}" ) return obj.vendor
class IsOwnerVendor(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
print(f"Vendor Email:{obj.vendor_id.email}")
print(f"Loggon user:{obj.vendor_id.email}" )
return obj.vendor_id.email == request.user
这是我的对象模型
class Menu(models.Model):
name = models.CharField(max_length=100)
description = models.CharField(max_length=500)
price = models.FloatField()
quantity = models.IntegerField(default=1)
menu_cat = models.CharField(choices=MENU_CAT, max_length=5)
date_created = models.DateTimeField(auto_now_add=True)
last_edited = models.DateTimeField(auto_now=True)
vendor_id = models.ForeignKey(Vendor, on_delete=models.CASCADE)
is_recurring = models.BooleanField(default=False)
recurring_freq = models.IntegerField(default=1)
供应商模型
class Vendor(models.Model):
user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, blank=True, null=True)
business_name = models.CharField(max_length=100)
email = models.EmailField()
phone_number = PhoneField(help_text='Vendor phone number')
registered_on = models.DateTimeField(auto_now_add=True)
last_updated = models.DateTimeField(auto_now=True)
def __str__(self):
return self.business_name
这就是我的观点
class MenuDetailView(generics.GenericAPIView):
permission_classes = [IsOwnerVendor | IsOwnerVendor]
def get_serializer_class(self):
if self.request.method == 'PUT':
return MenuUpdateSerializer
elif self.request.method == 'GET':
return MenuListSerializer
else:
return MenuListSerializer
def get_object(self, pk):
try:
obj = Menu.objects.get(pk=pk, )
self.check_object_permissions(self.request, obj)
return obj
except Menu.DoesNotExist:
raise Http404
@method_permission_classes((IsOwnerVendor,))
def get(self, request, pk, format=None):
my_menu = self.get_object(pk=pk)
menu_serializer = MenuListSerializer(my_menu)
return Response(menu_serializer.data, status=status.HTTP_200_OK)
当我尝试访问视图时,总是会出现下面的错误
{
"detail": "You do not have permission to perform this action."
}
我已经阅读了DRF文件,但仍然无法确定我的问题所在
我还在控制台上打印了权限检查,并看到它应该返回true。
要点是您应该让has\u object\u permission方法返回True,您可以尝试:
返回obj.vendor\u id.email==request.user.email
或
返回obj.vendor\u id.user==request.user
,如果这仍然不起作用,您可以打印日志或设置断点以查看此方法返回False的原因。记得在下次测试之前重新启动本地服务器。请发布模型供应商详细信息。尝试返回obj.vendor\u id.email==request.user.email
?@Ykh,我已编辑以添加供应商模型。我也厌倦了你的方法。我仍然得到相同的结果。尝试返回obj.vendor\u id.user==request.user@Ykh,我刚刚使用return obj.vendor\u id.email==request.user.email进行了重试,现在它开始工作了。我会打赌我试过了。我花了几个小时试图找出确切的问题。谢谢你,伙计。尊敬你能回答我的问题吗?所以我接受?