has_object_permission根本没有在((object)-detail`)URL中被调用
[英]has_object_permission not being called at all in `(object)-detail` URLS
问题描述
I have a problem in that has_object_permission() gets ignored. 
我有一个问题,就是has_object_permission()被忽略了。 Even when I access http://127.0.0.1:8000/portfolios/3/ with the correct user logged in, it still defaults to has_permission() . 即使以正确的用户has_permission()登录http://127.0.0.1:8000/portfolios/3/ ,它仍然默认为has_permission() 。 Am I doing something wrong? 难道我做错了什么?
ViewSet class: ViewSet类:
class PortfolioViewSet(viewsets.ModelViewSet):
queryset = Portfolio.objects.all()
serializer_class = serializers.PortfolioSerializer
permission_classes = (permissions.IsPortfolioOwner, )
Permission Class: 权限等级:
class IsPortfolioOwner(permissions.BasePermission):
# Details
def has_object_permission(self, request, view, obj):
print("Checking for object")
ruser = request.user
if ruser is None:
return False
elif ruser == obj.client.user:
return True
def has_permission(self, request, view):
print("Checking for list")
return request.user.is_superuser
1 个解决方案
解决方案1
0 已采纳 2015-06-28 02:03:44
In order for has_object_permission to be checked, has_permission must return True . 为了has_object_permission进行检查, has_permission必须返回True 。 If it returns False , then permission checks will short-circuit and the request will be denied. 如果返回False ,则权限检查将短路,并且该请求将被拒绝。
Your current permission class will only allow the user to view the list if they are a superuser. 您当前的权限类别仅允许用户查看列表(如果他们是超级用户)。 And an individual object cannot be viewed under they are a superuser and viewing the current user's object. 在他们是超级用户并查看当前用户的对象的情况下,无法查看单个对象。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.