[英]Django DRF: @permission_classes not working
I have a view with a custom action which should have a custom permission "IsRightUser".我有一个自定义操作的视图,该操作应该具有自定义权限“IsRightUser”。 However, the
has_object_permission
of it is never called, even though I try to access the object with self.get_object()
in my view.但是,它的
has_object_permission
从未被调用,即使我在我看来尝试使用self.get_object()
访问该对象。
class MyView(mixins.ListModelMixin, viewsets.GenericViewSet):
serializer_class = MySerializer
lookup_field = 'uuid'
queryset = MyObject.objects.all()
@action(methods=['get'], detail=True)
@permission_classes([IsRightUser])
def groups(self, request, uuid=None):
# prints [<class 'rest_framework.permissions.IsAuthenticated'>]
print(self.permission_classes)
my_object = self.get_object()
groups = Group.objects.filter(my_object=my_object)
serializer = MySerializer(groups, many=True)
return Response(serializer.data)
Here you can see my custom permission which is never called.在这里您可以看到我从未调用过的自定义权限。
class IsRightUser(BasePermission):
def has_object_permission(self, request, view, obj):
# never called
return True
When I use permission_classes = [IsRightUser]
in my view (ie directly underneath the lookup_field) it works (unfortunately this is not feasible for me).当我在我的视图中使用
permission_classes = [IsRightUser]
时(即直接在lookup_field 下方)它可以工作(不幸的是这对我来说不可行)。
Any help is very much appreciated.很感谢任何形式的帮助。
You should pass permission classes as action
argument directly:您应该直接将权限类作为
action
参数传递:
@action(methods=['get'], detail=True, permission_classes=[IsRightUser])
def groups(self, request, uuid=None):
# prints [<class 'rest_framework.permissions.IsAuthenticated'>]
print(self.permission_classes)
my_object = self.get_object()
groups = Group.objects.filter(my_object=my_object)
serializer = MySerializer(groups, many=True)
return Response(serializer.data)
例如,只要您在 REST_FRAMEWORK 下将默认 DEFAULT_AUTHENTICATION_CLASSES 定义到 settings.py 中,第一个装饰器就会完美地工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.