[英]has_object_permission not being called at all in `(object)-detail` URLS
I have a problem in that has_object_permission()
gets ignored. 我有一个问题,就是
has_object_permission()
被忽略了。 Even when I access http://127.0.0.1:8000/portfolios/3/
with the correct user logged in, it still defaults to has_permission()
. 即使以正确的用户
has_permission()
登录http://127.0.0.1:8000/portfolios/3/
,它仍然默认为has_permission()
。 Am I doing something wrong? 难道我做错了什么?
ViewSet class: ViewSet类:
class PortfolioViewSet(viewsets.ModelViewSet):
queryset = Portfolio.objects.all()
serializer_class = serializers.PortfolioSerializer
permission_classes = (permissions.IsPortfolioOwner, )
Permission Class: 权限等级:
class IsPortfolioOwner(permissions.BasePermission):
# Details
def has_object_permission(self, request, view, obj):
print("Checking for object")
ruser = request.user
if ruser is None:
return False
elif ruser == obj.client.user:
return True
def has_permission(self, request, view):
print("Checking for list")
return request.user.is_superuser
In order for has_object_permission
to be checked, has_permission
must return True
. 为了
has_object_permission
进行检查, has_permission
必须返回True
。 If it returns False
, then permission checks will short-circuit and the request will be denied. 如果返回
False
,则权限检查将短路,并且该请求将被拒绝。
Your current permission class will only allow the user to view the list if they are a superuser. 您当前的权限类别仅允许用户查看列表(如果他们是超级用户)。 And an individual object cannot be viewed under they are a superuser and viewing the current user's object.
在他们是超级用户并查看当前用户的对象的情况下,无法查看单个对象。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.