Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/django/23.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Python 根据Django中选择的按钮更改权限_Python_Django_Django Rest Framework - Fatal编程技术网
Fatal编程技术网
  • python/
  • Python 根据Django中选择的按钮更改权限

Python 根据Django中选择的按钮更改权限

python django django-rest-framework

Python 根据Django中选择的按钮更改权限,python,django,django-rest-framework,Python,Django,Django Rest Framework,我正在研究DRF并使用ViewSet创建API。我有一个问题: 假设我有两个按钮,分别是Employee和Manager。如果用户单击了Employee,则它只能访问GET请求;如果用户单击了Manager,则它具有POST、PUT和修补程序权限 型号.py class Employee(models.Model): emp_id = models.AutoField(primary_key=True) emp_name = models.CharField(max_length

我正在研究DRF并使用ViewSet创建API。我有一个问题: 假设我有两个按钮,分别是Employee和Manager。如果用户单击了Employee,则它只能访问GET请求;如果用户单击了Manager,则它具有POST、PUT和修补程序权限

型号.py

class Employee(models.Model):
    emp_id = models.AutoField(primary_key=True)
    emp_name = models.CharField(max_length=30)
    email = models.EmailField(max_length=254, unique=True)
    position = models.CharField(max_length=30)
    team = models.CharField(max_length=30)
    phone = models.CharField(max_length=20, unique=True)

class EmpViewSet(viewsets.ModelViewSet):
    serializer_class = EmployeeSerializer
    queryset = Employee.objects.all()
    permission_classes = [OfficeEngineerPermission]

class EmployeeSerializer(serializers.ModelSerializer):
    class Meta:
        model = Employee
        fields = '__all__'

SAFE_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'HEADER', 'OPTIONS']
class OfficeEngineerPermission(BasePermission):
    def has_permission(self, request, view):
        if (request.method in SAFE_METHODS and request.user == 'OfficeEngineer'):
            return True
        return Response({'message':'This is not allowed'})
viewsets.py

class Employee(models.Model):
    emp_id = models.AutoField(primary_key=True)
    emp_name = models.CharField(max_length=30)
    email = models.EmailField(max_length=254, unique=True)
    position = models.CharField(max_length=30)
    team = models.CharField(max_length=30)
    phone = models.CharField(max_length=20, unique=True)

class EmpViewSet(viewsets.ModelViewSet):
    serializer_class = EmployeeSerializer
    queryset = Employee.objects.all()
    permission_classes = [OfficeEngineerPermission]

class EmployeeSerializer(serializers.ModelSerializer):
    class Meta:
        model = Employee
        fields = '__all__'

SAFE_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'HEADER', 'OPTIONS']
class OfficeEngineerPermission(BasePermission):
    def has_permission(self, request, view):
        if (request.method in SAFE_METHODS and request.user == 'OfficeEngineer'):
            return True
        return Response({'message':'This is not allowed'})
序列化程序.py

class Employee(models.Model):
    emp_id = models.AutoField(primary_key=True)
    emp_name = models.CharField(max_length=30)
    email = models.EmailField(max_length=254, unique=True)
    position = models.CharField(max_length=30)
    team = models.CharField(max_length=30)
    phone = models.CharField(max_length=20, unique=True)

class EmpViewSet(viewsets.ModelViewSet):
    serializer_class = EmployeeSerializer
    queryset = Employee.objects.all()
    permission_classes = [OfficeEngineerPermission]

class EmployeeSerializer(serializers.ModelSerializer):
    class Meta:
        model = Employee
        fields = '__all__'

SAFE_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'HEADER', 'OPTIONS']
class OfficeEngineerPermission(BasePermission):
    def has_permission(self, request, view):
        if (request.method in SAFE_METHODS and request.user == 'OfficeEngineer'):
            return True
        return Response({'message':'This is not allowed'})
我试图编写自定义权限,但不起作用

自定义许可证.py

class Employee(models.Model):
    emp_id = models.AutoField(primary_key=True)
    emp_name = models.CharField(max_length=30)
    email = models.EmailField(max_length=254, unique=True)
    position = models.CharField(max_length=30)
    team = models.CharField(max_length=30)
    phone = models.CharField(max_length=20, unique=True)

class EmpViewSet(viewsets.ModelViewSet):
    serializer_class = EmployeeSerializer
    queryset = Employee.objects.all()
    permission_classes = [OfficeEngineerPermission]

class EmployeeSerializer(serializers.ModelSerializer):
    class Meta:
        model = Employee
        fields = '__all__'

SAFE_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'HEADER', 'OPTIONS']
class OfficeEngineerPermission(BasePermission):
    def has_permission(self, request, view):
        if (request.method in SAFE_METHODS and request.user == 'OfficeEngineer'):
            return True
        return Response({'message':'This is not allowed'})
我读了所有的东西,但都被卡住了。请建议

您可以覆盖viewset
get_permissions()
方法,并为每个viewset操作定义权限

例如,我对以下内容进行了快速测试:

类MyModelViewset(ViewSet.ModelViewSet):
serializer\u class=MyModelSerializer
model=MyModel
def get_权限(自我):
如果self.action==“创建”:
self.permission\u classes=[IsNotSuperUser]
elif self.action==“更新”:
self.permission\u classes=[IsTeacher]
elif self.action==“部分更新”:
self.permission\u classes=[IsNotSuperUser]
elif self.action==“列表”:
self.permission_classes=[IsSuperUser,IsAuthenticated]
elif self.action==“检索”:
self.permission_classes=[IsSuperUser,IsAuthenticated]
返回超级(self.\uuuuuuuuuuuuuuuuuuuuuuuuu类,self).获取权限()
通过此选项,您可以控制每个HTTP谓词的权限。

如何保持用户选择的按钮状态(员工与经理)?