Django Rest框架自定义权限';s消息未显示
我正在用Django Rest框架编写一个应用程序 我创建了一个自定义权限。我为自定义权限提供了一个Django Rest框架自定义权限';s消息未显示,django,permissions,django-rest-framework,django-permissions,django-2.1,Django,Permissions,Django Rest Framework,Django Permissions,Django 2.1,我正在用Django Rest框架编写一个应用程序 我创建了一个自定义权限。我为自定义权限提供了一个message属性,但仍然返回默认的详细信息 让我给你我的密码 permissions.py: from annoying.functions import get_object_or_None from rest_framework import permissions from intquestions.models import IntQuestion from ..models imp
messagepermissions.pyfrom annoying.functions import get_object_or_None
from rest_framework import permissions
from intquestions.models import IntQuestion
from ..models import Candidate, CandidatePickedIntChoice
CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."
class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
"""
Permission to check if the candidate has answered all questions.
Expects candidate's email or UUID in the request's body.
"""
message = CANDIDATE_ALREADY_ANSWERED
def has_permission(self, request, view):
candidate = None
email = request.data.get("email", None)
if email:
candidate = get_object_or_None(Candidate, email=email)
else:
uuid = request.data.get("candidate", None)
if uuid:
candidate = get_object_or_None(Candidate, uuid=uuid)
if candidate:
picked_choices = CandidatePickedIntChoice.objects.filter(
candidate=candidate
).count()
total_int_questions = IntQuestion.objects.count()
if picked_choices >= total_int_questions:
return False
return True
from annoying.functions import get_object_or_None
from rest_framework import generics, status
from rest_framework.response import Response
from ..models import Candidate, CandidatePickedIntChoice
from .permissions import CandidateAnsweredQuestionsPermission
from .serializers import CandidateSerializer
class CandidateCreateAPIView(generics.CreateAPIView):
serializer_class = CandidateSerializer
queryset = Candidate.objects.all()
permission_classes = (CandidateAnsweredQuestionsPermission,)
def create(self, request, *args, **kwargs):
candidate = get_object_or_None(Candidate, email=request.data.get("email", None))
if not candidate:
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
else:
serializer = self.get_serializer(candidate, data=request.data)
serializer.is_valid(raise_exception=True)
return Response(serializer.data, status=status.HTTP_200_OK)
views.pyfrom annoying.functions import get_object_or_None
from rest_framework import permissions
from intquestions.models import IntQuestion
from ..models import Candidate, CandidatePickedIntChoice
CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."
class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
"""
Permission to check if the candidate has answered all questions.
Expects candidate's email or UUID in the request's body.
"""
message = CANDIDATE_ALREADY_ANSWERED
def has_permission(self, request, view):
candidate = None
email = request.data.get("email", None)
if email:
candidate = get_object_or_None(Candidate, email=email)
else:
uuid = request.data.get("candidate", None)
if uuid:
candidate = get_object_or_None(Candidate, uuid=uuid)
if candidate:
picked_choices = CandidatePickedIntChoice.objects.filter(
candidate=candidate
).count()
total_int_questions = IntQuestion.objects.count()
if picked_choices >= total_int_questions:
return False
return True
from annoying.functions import get_object_or_None
from rest_framework import generics, status
from rest_framework.response import Response
from ..models import Candidate, CandidatePickedIntChoice
from .permissions import CandidateAnsweredQuestionsPermission
from .serializers import CandidateSerializer
class CandidateCreateAPIView(generics.CreateAPIView):
serializer_class = CandidateSerializer
queryset = Candidate.objects.all()
permission_classes = (CandidateAnsweredQuestionsPermission,)
def create(self, request, *args, **kwargs):
candidate = get_object_or_None(Candidate, email=request.data.get("email", None))
if not candidate:
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
else:
serializer = self.get_serializer(candidate, data=request.data)
serializer.is_valid(raise_exception=True)
return Response(serializer.data, status=status.HTTP_200_OK)
为什么权限消息是默认的
“未提供身份验证凭据”。未提供身份验证凭据。接下来,对于
message如何显示自定义的
许可被拒绝从视图集()的
权限被拒绝()方法引发的权限被拒绝异常()
所以你的观点应该是这样的,
from rest_framework import exceptions
class CandidateCreateAPIView(generics.CreateAPIView):
# your code
def permission_denied(self, request, message=None):
if request.authenticators and not request.successful_authenticator:
raise exceptions.NotAuthenticated()
raise exceptions.PermissionDenied(detail=CANDIDATE_ALREADY_ANSWERED)
我也有同样的问题,最后我找到了关键点:
不要使用任何身份验证
REST_FRAMEWORK = {
# other settings...
'DEFAULT_AUTHENTICATION_CLASSES': [],
'DEFAULT_PERMISSION_CLASSES': [],
}
我遇到了同样的问题,我找到了解决方案,您甚至不需要AllowAny权限,只需将身份验证\u类设置为空数组,例如:
class TestView(generics.RetrieveAPIView):
renderer_classes = (JSONRenderer,)
permission_classes = (isSomethingElse,)
serializer_class = ProductSerializer
authentication_classes = [] # You still need to declare it even it is empty
def retrieve(self, request, *args, **kwargs):
pass
希望它仍然有用。(DRF的作者):
如果你不想,我建议明确提出一个许可被拒绝
允许运行“未经验证vs权限被拒绝”检查
他没有继续明确提到最好的地方在哪里。公认的答案似乎是这样的。但是,我觉得最好的地方是自定义权限
类本身,因为视图可能有多个权限,其中任何一个都可能失败
以下是我的观点(为了简洁起见,代码被截断):
从rest_框架导入异常,权限#=总计_int_问题:
提出例外。PermissionDenied(detail=CANDIDATE#你已经回答了)#哇,这太奇怪了。首先,在上面的示例中,它表示消息
将提供一个自定义消息。其次,我在设置中使用AllowAny
作为默认权限。那么为什么它会要求认证凭证呢?我提供的唯一其他权限是我的自定义权限。我找到了指定message属性的行。我想,我的答案部分正确。您是如何向API提供凭据的?同样,我没有提供任何凭据,因为我的视图的权限是AllowAny
。