DjangoRestFramework - has_permission incorrectly overrides has_object_permission


This is my permission:

class IsCreationOrAuthenticatedOrIsOwnerOrWatchOrReadOnly(permissions.BasePermission):
    """
    Allow only the owner (and admin) of the object to make changes (i.e.
    do PUT, PATCH, DELETE and POST requests). Allow all other users
    ReadOnly or Follow options. This is for UserViewSet. Allow unauthenticated users to
    create objects.
    """

    def has_permission(self, request, view):
        if not request.user.is_authenticated():
            if view.action == 'create':
                return True
            return False

        return request.method in permissions.SAFE_METHODS or request.user.is_staff or view.action=='follow'

    def has_object_permission(self, request, view, obj):

        if not request.user.is_authenticated():
            return False

        if request.method in permissions.SAFE_METHODS:
            return True

        if request.user.is_staff:
            return True

        if view.action == 'follow':
            return True

        return obj.owner == request.user
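
The problem is that authenticated users cannot PUT, PATCH or DELETE their own account, because in has_permission it says:

return request.method in permissions.SAFE_METHODS or request.user.is_staff or view.action=='follow'

However, PUT, PATCH and DELETE here depend on whether obj.owner == request.user (it depends on the object). So, when has_permission does not have access to the object and therefore should not allow any PUT, PATCH and DELETE, how can I allow users to PUT, PATCH and DELETE only their own account (since it all depends on obj.owner == request.user)?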

Why not disable has_permission and modify has_object_permission to check for POST?

def has_object_permission(self, request, view, obj):

    if request.method == 'POST':
        return True

    if not request.user.is_authenticated():
        return False

    if request.method in permissions.SAFE_METHODS:
        return True

    if request.user.is_staff:
        return True

    if view.action == 'follow':
        return True

    return obj.owner == request.user

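Why not remove the check from has_permission and allow unsafe methods? They will all be checked in has_object_permission anyway.

@RetoAebersold Because creating an object and getting the list of objects are not handled by has_object_permission but by has_permission. I need to make sure that unauthenticated users cannot get the list of objects, but can access POST (create an object).

For any other users who have this problem, check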
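
Added example, not part of the original thread or any poster's code: one way to split the rules so that has_permission lets the detail actions through and has_object_permission makes the owner check, while anonymous list access stays blocked. It uses plain Python stand-ins instead of Django/DRF so it runs on its own; the class name, `is_allowed`, `decide` and the sample users are hypothetical, and `is_authenticated` is read as a property, as in newer Django versions.

```python
from types import SimpleNamespace

# Same values as rest_framework.permissions.SAFE_METHODS.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")
# Standard DRF ViewSet actions whose decision needs the object itself.
OBJECT_ACTIONS = ("update", "partial_update", "destroy")


class IsCreationOrOwnerOrStaffOrReadOnly:
    """Duck-typed stand-in exposing the two methods DRF calls on a permission."""

    def has_permission(self, request, view):
        # View-level gate: runs on every request, before any object is loaded.
        if not request.user.is_authenticated:
            return view.action == "create"  # anonymous users may only create
        if view.action in OBJECT_ACTIONS:
            return True  # defer to has_object_permission, which sees obj.owner
        return (request.method in SAFE_METHODS or request.user.is_staff
                or view.action == "follow")

    def has_object_permission(self, request, view, obj):
        # Object-level gate: only reached after has_permission returned True.
        if request.method in SAFE_METHODS or view.action == "follow":
            return True
        return request.user.is_staff or obj.owner == request.user


def is_allowed(perm, request, view, obj=None):
    """Mimic DRF's order: has_permission first, then the object check if any."""
    if not perm.has_permission(request, view):
        return False
    return obj is None or perm.has_object_permission(request, view, obj)


# Constructed sample users and account (hypothetical, for illustration only).
ANON = SimpleNamespace(name="anon", is_authenticated=False, is_staff=False)
ALICE = SimpleNamespace(name="alice", is_authenticated=True, is_staff=False)
BOB = SimpleNamespace(name="bob", is_authenticated=True, is_staff=False)
ADMIN = SimpleNamespace(name="admin", is_authenticated=True, is_staff=True)
ACCOUNT = SimpleNamespace(owner=ALICE)


def decide(user, method, action, obj=None):
    request = SimpleNamespace(user=user, method=method)
    view = SimpleNamespace(action=action)
    return is_allowed(IsCreationOrOwnerOrStaffOrReadOnly(), request, view, obj)
```

In a real project the class would subclass `permissions.BasePermission` and be listed in the viewset's `permission_classes`; the two method bodies stay the same.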