Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/django/24.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Python 如何设置只允许所属用户更新的模型检查权限?_Python_Django_Django Rest Framework - Fatal编程技术网
Fatal编程技术网
  • python/
  • Python 如何设置只允许所属用户更新的模型检查权限?

Python 如何设置只允许所属用户更新的模型检查权限?

python django django-rest-framework

Python 如何设置只允许所属用户更新的模型检查权限?,python,django,django-rest-framework,Python,Django,Django Rest Framework,以下是我关于模型域更新的代码: serializer.py: class DomainUpdateSerializer(serializers.ModelSerializer): class Meta: model = Domain fields = "__all__" models.py: class Domain(models.Model): domain_name = models.CharField(max_leng

以下是我关于模型域更新的代码:

serializer.py:

class DomainUpdateSerializer(serializers.ModelSerializer):
    class Meta:
        model = Domain
        fields = "__all__"

models.py:
class Domain(models.Model):
    domain_name = models.CharField(max_length=512, help_text='domain. eg.example.com')
    cname = models.ForeignKey(
        unique=True,
        to=CNAMEModel,
        on_delete=models.DO_NOTHING,
        related_name="domains",
        help_text="CNAME")
    ssl_cert = models.TextField(max_length=40960, help_text="SSL cert + ca-bundle")
    ssl_key = models.TextField(max_length=40960, help_text="SSL key")

    ctime = models.DateTimeField(auto_now_add=True)
    uptime = models.DateTimeField(auto_now=True)

    def __str__(self):
        return self.domain_name
    def __unicode__(self):
        return self.domain_name

    class Meta:
        verbose_name = "domain"
        verbose_name_plural = "domain"
        ordering = ['ctime']

class CNAMEModel(models.Model):
    name = models.CharField(max_length=64, unique=True, help_text=". eg:gat.demo.com")
    desc = models.CharField(max_length=5120, null=True, blank=True, help_text="desc")

    desc_en = models.CharField(max_length=5120, null=True, blank=True")

    user = models.OneToOneField(unique=True, to=AuthUser, on_delete=models.DO_NOTHING, help_text="belong user")

    is_active = models.BooleanField(default=True)  

    ctime = models.DateTimeField(auto_now_add=True)
    uptime = models.DateTimeField(auto_now=True)


    def __str__(self):
        return self.name
    def __unicode__(self):
        return self.name

    class Meta:
        verbose_name = "CNAME"
        verbose_name_plural = "CNAME"
        ordering = ['ctime']

views.py:
class DomainUpdateAPIView(UpdateAPIView):
    serializer_class = DomainUpdateSerializer
    permission_classes = [IsAuthenticated, IsAdminUser]
    queryset = Domain.objects.all()
您可以看到域属于CNAME,CNAME属于用户

我有一个问题,我如何才能使检查域的权限仅可由所属用户或AdminUser更新(
IsAdminUser
已解决)

或者使用其他方式而不是权限。

您可以拥有额外的自定义权限:

from rest_framework import permissions
from rest_framework.exceptions import PermissionDenied


class IsOwnerOrReadOnly(permissions.BasePermission):
    """
    Custom permission to only allow creator of an object to edit it.
    """

    def has_object_permission(self, request, view, obj):
        # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True

        # Write permissions are only allowed to the creator of the movie
        return obj.cname.user == request.user
在视图中,可以包括Isowner或ReadOnly

from .permissions import IsOwnerOrReadOnly

class DomainUpdateAPIView(UpdateAPIView):
    serializer_class = DomainUpdateSerializer
    permission_classes = [IsAuthenticated, IsAdminUser, IsOwnerOrReadOnly]
    queryset = Domain.objects.all()