在 Django REST 框架中,默认权限类如何与 per-view(set) 结合?
[英]In the Django REST framework, how are the default permission classes combined with per-view(set) ones?
问题描述
I'm reading http://www.django-rest-framework.org/api-guide/permissions/ and trying to relate it to the OAuth2 toolkit documentation, http://django-oauth-toolkit.readthedocs.io/en/latest/rest-framework/getting_started.html .
我正在阅读http://www.django-rest-framework.org/api-guide/permissions/并尝试将其与 OAuth2 工具包文档相关联, http://django-oauth-toolkit.readthedocs.io/en/latest/rest -框架/getting_started.html 。 The latter has an example in which in settings.py one specifies后者有一个示例,其中在settings.py中指定
REST_FRAMEWORK = {
# ...
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
)
}
and in addition, IsAuthenticated is also specified added to the permission_classes list of a ModelViewSet :此外,还指定IsAuthenticated添加到ModelViewSet的permission_classes列表中:
class UserViewSet(viewsets.ModelViewSet):
permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
queryset = User.objects.all()
serializer_class = UserSerializer
Do I infer correctly from this example that the DEFAULT_PERMISSION_CLASSES are not prepended / postpended to a ModelViewSet 's permission classes, but are instead replaced by it?我是否从这个例子中正确地推断出DEFAULT_PERMISSION_CLASSES没有被添加/添加到ModelViewSet的权限类中,而是被它替换了?
4 个解决方案
解决方案1
5 2018-01-29 22:31:34
Do I infer correctly from this example that the
DEFAULT_PERMISSION_CLASSESare not prepended / postpended to aModelViewSet's permission classes, but are instead replaced by it?DEFAULT_PERMISSION_CLASSES没有前置/ postpended到ModelViewSet的许可类,但都被它代替更换?
The DEFAULT_PERMISSION_CLASSES are used for views/viewsets where permission_classes is not defined. DEFAULT_PERMISSION_CLASSES用于未定义permission_classes视图/视图集。 In the cases they are defined, those are used instead, not the default ones.在定义它们的情况下,将使用它们,而不是默认的。
解决方案2
4 已采纳 2018-01-29 22:31:03
In the Django REST framework, how are the default permission classes combined with per-view(set) ones?
They are not combined.它们不是组合在一起的。
... the DEFAULT_PERMISSION_CLASSES are not prepended / postpended to a ModelViewSet's permission classes, but are instead replaced by it?
Correct.正确的。
解决方案3
3 2022-02-11 17:13:25
If you do want to extend the default permissions, this seems to work.如果您确实想扩展默认权限,这似乎可行。
Disclaimer: I found it by looking into DRF's code, not sure it is documented.免责声明:我通过查看 DRF 的代码找到了它,但不确定它是否已记录在案。
from rest_framework.settings import api_settings
class UserViewSet(viewsets.ModelViewSet):
permission_classes = [*api_settings.DEFAULT_PERMISSION_CLASSES, TokenHasReadWriteScope]
解决方案4
0 2021-10-16 15:16:47
Add code in your custom Permission class like this在您的自定义权限类中添加代码,如下所示
class ObjectWritePermission(BasePermission):
# you will see this function in IsAuthenticated Permission class
def has_permission(self, request, view):
return bool(request.user and request.user.is_authenticated)
def has_object_permission(self, request, view, obj):
return obj.user == request.user
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.