Python Django OAuthToolkit: scopes specific to each HTTP method
Tags: python, django, oauth-2.0, django-rest-framework, oauth2-toolkit

I am using Django Rest Framework and django-oauth-toolkit, and I would like the scope a token must carry to be specific to the HTTP method. For example: GET, PUT and DELETE on the same APIView should require different scopes. Here is my API:
from rest_framework.generics import RetrieveUpdateDestroyAPIView
from oauth2_provider.contrib.rest_framework import TokenHasScope

class MyView(RetrieveUpdateDestroyAPIView):
    permission_classes = [TokenHasScope]
    required_scopes = ['scope1']
    serializer_class = ModelSerializer
    queryset = Model.objects.all()
Currently the scopes are set at class level, which means that a token must have scope1 to access all of the GET, PUT and DELETE methods.
I want different HTTP methods to require different scopes. How can I set different scopes for different methods?

To handle this case, I think you need to implement a new permission class, like this:
from oauth2_provider.contrib.rest_framework import TokenHasScope

class TokenHasScopeForMethod(TokenHasScope):
    def has_permission(self, request, view):
        token = request.auth
        if not token:
            return False
        if hasattr(token, "scope"):
            # Get the scopes required for the current method from the view.
            # A method with no entry is denied instead of raising KeyError
            # (which would surface as a 500).
            required_scopes = view.required_scopes_per_method.get(request.method)
            if required_scopes is None:
                return False
            return token.is_valid(required_scopes)
        # Not an OAuth2 access token (e.g. a different authentication class): deny
        return False
Use it in your view like this:
from rest_framework.generics import RetrieveUpdateDestroyAPIView

class MyView(RetrieveUpdateDestroyAPIView):
    permission_classes = [TokenHasScopeForMethod]
    # RetrieveUpdateDestroyAPIView serves GET, PUT, PATCH and DELETE (no POST),
    # so list the scopes for those methods; anything unlisted is denied.
    required_scopes_per_method = {
        'GET': ['get_scope'],
        'PUT': ['put_scope'],
        'PATCH': ['put_scope'],
        'DELETE': ['delete_scope'],
    }
    serializer_class = ModelSerializer
    queryset = Model.objects.all()
Maybe you could use the TokenMatchesOASRequirements permission class:

from rest_framework import views
from oauth2_provider.contrib.rest_framework import OAuth2Authentication, TokenMatchesOASRequirements

class SongView(views.APIView):
    authentication_classes = [OAuth2Authentication]
    permission_classes = [TokenMatchesOASRequirements]
    # Per method: a list of alternatives. Each inner list is a set of scopes
    # that must ALL be present on the token; satisfying ANY one alternative
    # grants access (e.g. DELETE needs "delete", or both "scope2" and "scope3").
    required_alternate_scopes = {
        "GET": [["read"]],
        "POST": [["create"], ["post", "widget"]],
        "PUT": [["update"], ["put", "widget"]],
        "DELETE": [["delete"], ["scope2", "scope3"]],
    }
Awesome. Works like a charm. (y)
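The following is an added example, not code from either answer and not django-oauth-toolkit's own implementation. It shows, stand-alone, the two behaviours the answers rely on: per-method scope matching with the "any alternative, all scopes of that alternative" semantics of required_alternate_scopes from the second answer, and failing closed for a method that has no entry, which the first answer's original lookup did not do. The token and request objects are constructed stand-ins (the real AccessToken from oauth2-toolkit stores granted scopes as a space-separated string in `scope` and exposes `is_expired()`); the class does not subclass DRF's BasePermission so that it runs without Django installed, and the scope names are the ones used in the answers above.

```python
from dataclasses import dataclass
from types import SimpleNamespace


# Constructed stand-in for oauth2_provider's AccessToken model: granted scopes
# live in `scope` as a space-separated string, and `is_expired()` reports expiry.
@dataclass
class FakeAccessToken:
    scope: str
    expired: bool = False

    def is_expired(self) -> bool:
        return self.expired


class TokenHasScopeForMethodOrAlternates:
    """Per-HTTP-method scope check with OAS-style alternates.

    `view.required_alternate_scopes` maps a method to a list of alternatives.
    Each alternative is a list of scopes that must ALL be granted; the request
    is allowed if ANY alternative is satisfied. A method with no entry (or an
    empty list of alternatives) is denied, so a forgotten method can never
    bypass the check or raise KeyError.

    In a real project this would subclass
    rest_framework.permissions.BasePermission; it is kept dependency-free
    here so the example runs on its own.
    """

    def has_permission(self, request, view) -> bool:
        token = getattr(request, "auth", None)
        if token is None or not hasattr(token, "scope"):
            return False  # no OAuth2 access token authenticated this request
        if token.is_expired():
            return False
        alternates = getattr(view, "required_alternate_scopes", {}).get(request.method)
        if not alternates:
            return False  # fail closed for unlisted methods
        granted = set(token.scope.split())
        # Each alternative is an AND of scopes; the alternatives are OR-ed.
        return any(set(required).issubset(granted) for required in alternates)


# A view configured with the scope table from the second answer (constructed
# here as a plain namespace; a DRF view would carry the same class attribute).
song_view = SimpleNamespace(
    required_alternate_scopes={
        "GET": [["read"]],
        "PUT": [["update"], ["put", "widget"]],
        "DELETE": [["delete"], ["scope2", "scope3"]],
    }
)


def check(method: str, scope: str, expired: bool = False) -> bool:
    """Run the permission for one constructed request and return the decision."""
    request = SimpleNamespace(method=method, auth=FakeAccessToken(scope, expired))
    return TokenHasScopeForMethodOrAlternates().has_permission(request, song_view)


if __name__ == "__main__":
    print(check("GET", "read"))                 # True: "read" satisfies GET
    print(check("DELETE", "read"))              # False: DELETE needs "delete" or scope2+scope3
    print(check("DELETE", "scope2 scope3"))     # True: the second alternative is complete
    print(check("DELETE", "scope2"))            # False: an alternative needs all of its scopes
    print(check("POST", "read update delete"))  # False: POST is not listed, so it is denied
    print(check("GET", "read", expired=True))   # False: expired tokens never pass
```

The point to keep from this when wiring the real permission class into a view: enumerate every method the view actually serves (RetrieveUpdateDestroyAPIView answers GET, PUT, PATCH and DELETE), because an unlisted method is rejected here rather than silently allowed, and a scope list that is empty would otherwise match any token.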