Python: Changing permissions based on the selected button in Django
python, django, django-rest-framework

I am learning DRF and creating an API using ViewSets. I have a question: suppose I have two buttons, Employee and Manager. If the user clicks Employee, they can only make GET requests; if the user clicks Manager, they have POST, PUT and PATCH permissions.

models.py

    class Employee(models.Model):
        emp_id = models.AutoField(primary_key=True)
        emp_name = models.CharField(max_length=30)
        email = models.EmailField(max_length=254, unique=True)
        position = models.CharField(max_length=30)
        team = models.CharField(max_length=30)
        phone = models.CharField(max_length=20, unique=True)

viewsets.py

    class EmpViewSet(viewsets.ModelViewSet):
        serializer_class = EmployeeSerializer
        queryset = Employee.objects.all()
        permission_classes = [OfficeEngineerPermission]

serializers.py

    class EmployeeSerializer(serializers.ModelSerializer):
        class Meta:
            model = Employee
            fields = '__all__'

I tried to write a custom permission, but it doesn't work.

custompermission.py

    SAFE_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'HEADER', 'OPTIONS']

    class OfficeEngineerPermission(BasePermission):
        def has_permission(self, request, view):
            if (request.method in SAFE_METHODS and request.user == 'OfficeEngineer'):
                return True
            return Response({'message':'This is not allowed'})

I have read everything but I am stuck. Please suggest.

You can override the viewset's get_permissions() method and define permissions for each viewset action.
For example, I did a quick test with the following:

    class MyModelViewset(viewsets.ModelViewSet):
        serializer_class = MyModelSerializer
        model = MyModel

        def get_permissions(self):
            # self.action is the viewset action name, not the raw HTTP verb.
            if self.action == 'create':
                self.permission_classes = [IsNotSuperUser]
            elif self.action == 'update':
                self.permission_classes = [IsTeacher]
            elif self.action == 'partial_update':
                self.permission_classes = [IsNotSuperUser]
            elif self.action == 'list':
                self.permission_classes = [IsSuperUser, IsAuthenticated]
            elif self.action == 'retrieve':
                self.permission_classes = [IsSuperUser, IsAuthenticated]
            # super() instead of super(self.__class__, self), which recurses
            # endlessly if this viewset is ever subclassed.
            return super().get_permissions()

With this you can control the permissions for each HTTP verb.

How do I keep the state of the button the user selected (Employee vs. Manager)?
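
An added example, not part of the original thread: a permission check with the same `has_permission(request, view)` shape as a DRF permission class, where the role is taken from the authenticated account on the server rather than from the button the client reports. The role names, the `group_names` attribute (a stand-in for Django's `user.groups`), the `role` query parameter and the helper functions are assumptions made for illustration, and the request objects are constructed so the code runs without Django installed.

```python
from types import SimpleNamespace

# Assumed policy from the question: employees read, managers also write.
ROLE_METHODS = {
    "Employee": {"GET", "HEAD", "OPTIONS"},
    "Manager": {"GET", "HEAD", "OPTIONS", "POST", "PUT", "PATCH"},
}


def server_side_roles(user):
    """Roles come from the authenticated account, never from request data.

    In a Django project this would read user.groups; `group_names` is a
    hypothetical attribute on the constructed user objects used here.
    """
    if user is None or not getattr(user, "is_authenticated", False):
        return set()
    return set(user.group_names) & set(ROLE_METHODS)


class RoleMethodPermission:
    """Same interface as a DRF permission: has_permission returns a bool."""

    def has_permission(self, request, view):
        allowed = set()
        for role in server_side_roles(request.user):
            allowed |= ROLE_METHODS[role]
        # request.query_params["role"] (the button the client says it
        # clicked) is deliberately not consulted: it is a UI hint only.
        return request.method in allowed


def make_request(method, groups, claimed_role=None, authenticated=True):
    """Constructed request carrying only the fields the check reads."""
    user = SimpleNamespace(is_authenticated=authenticated, group_names=groups)
    params = {"role": claimed_role} if claimed_role else {}
    return SimpleNamespace(method=method, user=user, query_params=params)


def check(method, groups, claimed_role=None, authenticated=True):
    """Run the permission against a constructed request; returns True/False."""
    request = make_request(method, groups, claimed_role, authenticated)
    return RoleMethodPermission().has_permission(request, view=None)
```

In a real project the class would subclass `rest_framework.permissions.BasePermission` and be listed in the viewset's `permission_classes`; the selected button then only changes what the front end displays.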