Python Django OAuthToolkit scope for each specific method

Tags: python, django, oauth-2.0, django-rest-framework, oauth2-toolkit

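I am using Django Rest Framework and

I want the scopes provided by the token to be specific to the HTTP method. For example: GET, PUT and DELETE of the same APIView should have different scopes.

Here is my API: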

class MyView(RetrieveUpdateDestroyAPIView):
    permission_classes = [TokenHasScope]
    required_scopes = ['scope1']
    serializer_class = ModelSerializer
    queryset = Model.objects.all()
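Currently, the scope is set at class level, which means that to access all of the GET, PUT and DELETE methods, the token should have scope1.

I want different HTTP methods to have different scopes. How can I set different scopes for different methods?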

To handle this situation, I think you need to implement a new permission class, like this:

from oauth2_provider.contrib.rest_framework import TokenHasScope


class TokenHasScopeForMethod(TokenHasScope):

    def has_permission(self, request, view):
        token = request.auth

        if not token:
            return False

        if hasattr(token, "scope"):
            # Get the scopes required for the current method from the view
            required_scopes = view.required_scopes_per_method.get(request.method)

            # Fail closed: a method with no entry is denied instead of raising KeyError
            if required_scopes is None:
                return False

            return token.is_valid(required_scopes)

        # request.auth is not an OAuth2 access token: deny explicitly
        return False

Use it in your view as follows:

from rest_framework.generics import RetrieveUpdateDestroyAPIView


class MyView(RetrieveUpdateDestroyAPIView):
    permission_classes = [TokenHasScopeForMethod]
    # Methods missing from this mapping are rejected by TokenHasScopeForMethod
    required_scopes_per_method = {'POST': ['post_scope'], 'GET': ['get_scope']}
    serializer_class = ModelSerializer
    queryset = Model.objects.all()
Maybe you can use the permission class

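from rest_framework import views
from oauth2_provider.contrib.rest_framework import OAuth2Authentication, TokenMatchesOASRequirements


class SongView(views.APIView):
    authentication_classes = [OAuth2Authentication]
    permission_classes = [TokenMatchesOASRequirements]
    # Each inner list is one acceptable combination of scopes for that method
    required_alternate_scopes = {
        "GET": [["read"]],
        "POST": [["create"], ["post", "widget"]],
        "PUT":  [["update"], ["put", "widget"]],
        "DELETE": [["delete"], ["scope2", "scope3"]],
    }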
Awesome. Works like a charm. (y)
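
The per-method matching that the required_alternate_scopes mapping above expresses, modelled without Django as an added example (not part of the original posts and not django-oauth-toolkit's own code). It assumes that each inner list is one set of scopes that must all be granted, that any one alternative suffices, and that a method with no entry is denied; FakeToken, method_allowed and audit are hypothetical names and the token scopes are constructed.

```python
# Added example: a Django-free model of per-method scope checks.
# FakeToken, method_allowed and audit are hypothetical, not library APIs.

REQUIRED_ALTERNATE_SCOPES = {  # copied from the SongView answer above
    "GET": [["read"]],
    "POST": [["create"], ["post", "widget"]],
    "PUT": [["update"], ["put", "widget"]],
    "DELETE": [["delete"], ["scope2", "scope3"]],
}


class FakeToken:
    """Stand-in for an access token; scope is a space-separated string."""

    def __init__(self, scope, expired=False):
        self.scope = scope
        self.expired = expired

    def is_valid(self, scopes):
        # Valid only if unexpired and every requested scope was granted.
        granted = set(self.scope.split())
        return not self.expired and set(scopes) <= granted


def method_allowed(token, method, alternates=REQUIRED_ALTERNATE_SCOPES):
    """Return True if the token satisfies any alternative for this method."""
    if token is None:
        return False  # unauthenticated request
    options = alternates.get(method.upper())
    if options is None:
        return False  # fail closed: unlisted methods (e.g. PATCH) are denied
    return any(token.is_valid(alt) for alt in options)


def audit(token, methods=("GET", "POST", "PUT", "PATCH", "DELETE")):
    """Map each HTTP method to the allow/deny decision for this token."""
    return {m: method_allowed(token, m) for m in methods}


if __name__ == "__main__":
    for scope in ("read", "post widget", "put", "read delete"):  # constructed
        print(f"{scope!r:15} -> {audit(FakeToken(scope))}")
```

Running audit over every method a view exposes is a quick way to spot a method that was left out of the mapping, or a token that reaches more methods than intended.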