Python 如何写入实例的权限';s user是请求的用户。用户?
如何编写Python 如何写入实例的权限';s user是请求的用户。用户?,python,django,django-rest-framework,Python,Django,Django Rest Framework,如何编写IsThePhysicalServerUser 您可以看到我的更新视图: class PhysicalServerCustomerUpdateAPIView(UpdateAPIView): """ Customer's update PhysicalServer """ serializer_class = CustomerUpdatePhysicalServerSerializer permission_classes = [IsThePhysi
IsThePhysicalServerUser
您可以看到我的更新视图:
class PhysicalServerCustomerUpdateAPIView(UpdateAPIView):
"""
Customer's update PhysicalServer
"""
serializer_class = CustomerUpdatePhysicalServerSerializer
permission_classes = [IsThePhysicalServerUser]
queryset = PhysicalServer.objects.all()
我想在那里写一个权限,它是IsThePhysicalServerUser
PhysicalServer
型号如下:
class PhysicalServer(models.Model):
"""
实体服务器
"""
name = models.CharField(max_length=32)
desc = models.CharField(max_length=256, null=True, blank=True)
...
user = models.ForeignKey(to=User, related_name="physical_servers", null=True, blank=True, on_delete=models.SET_NULL)
我想让IsThePhysicalServerUser
权限实现PhysicalServer实例的用途是请求用户。如何写入权限?只需检查实例的user equals请求。user
:
class IsSuperAdminOrPhysicalServerCustomer(permissions.BasePermission):
"""
SuperUser or instance.user equals request.user
"""
def has_object_permission(self, request, view, obj):
# if you want everyone can see user info
if request.method in permissions.SAFE_METHODS:
return True
# if you use Django2.0 is_authenticated(request.user) should be changed to request.user.is_authenticated
if request.user and request.user.is_authenticated:
# instance.user equal self or is superuser
return obj.user == request.user or request.user.is_superuser
else:
return False