[英]Override the IsAuthenticated permission class with one that checks firebase
I am using firebase(pyrebase library) for my authentication with a django backend and a react frontend.For this to work I had to override the DRF auth class TokenAuthentication with my FirebaseAuthentication.我正在使用 firebase(pyrebase 库)通过 django 后端和反应前端进行身份验证。为此,我必须用我的 FirebaseAuthentication 覆盖 DRF auth class TokenAuthentication。 But I still get 401 unauthorised when I try to access a view since I also need to override the drf permission class i sAuthenticated .But I have been searching for a way to do this with python without success.Any help would be appreciated.
但是,当我尝试访问视图时,我仍然得到401 未授权,因为我还需要覆盖 drf 权限 class i sAuthenticated 。但是我一直在寻找一种方法来使用 python 来做到这一点,但没有成功。任何帮助将不胜感激。 Below is a snippet of the permission class and where its applied on my views
下面是权限 class 的片段,它适用于我的观点
DRF permissions.py DRF 权限.py
class IsAuthenticated(BasePermission):
"""
Allows access only to authenticated users.
"""
def has_permission(self, request, view):
return bool(request.user and request.user.is_authenticated)
views.py视图.py
class FinanceTransactionList(GenericAPIView):
authentication_classes = [FirebaseAuthentication]
permission_classes = [IsAuthenticated]
@classmethod
@encryption_check
def post(self, request, *args, **kwargs):
...
To implement custom permission, override BasePermission
and implement either, or both, of the following methods:要实现自定义权限,请覆盖
BasePermission
并实现以下方法之一或两者:
.has_permission(self, request, view)
.has_permission(自我,请求,查看)
.has_object_permission(self, request, view, obj)
.has_object_permission(self, request, view, obj)
The methods should return True
if the request should be granted access, and False
otherwise.如果请求应该被授予访问权限,这些方法应该返回
True
,否则返回False
。
If you need to test if a request is a read operation or a write operation, you should check the request method against the constant SAFE_METHODS
, which is a tuple containing 'GET'
, 'OPTIONS'
, and 'HEAD'
.如果您需要测试请求是读取操作还是写入操作,您应该根据常量
SAFE_METHODS
检查请求方法,该常量是一个包含'GET'
、 'OPTIONS'
和'HEAD'
的元组。 For example:例如:
if request.method in permissions.SAFE_METHODS:
# Check permissions for the read-only request
else:
# Check permissions for writing request
Custom permissions will raise a PermissionDenied
exception if the test fails.如果测试失败,自定义权限将引发
PermissionDenied
异常。 To change the error message associated with the exception, implement a message
attribute directly on your custom permission.要更改与异常关联的错误消息,请直接在您的自定义权限上实现
message
属性。 Otherwise, the default_detail
attribute from PermissionDenied
will be used.否则,将使用
PermissionDenied
中的default_detail
属性。 Similarly, to change the code identifier associated with the exception, implement a code
attribute directly on your custom permission - otherwise, the default_code
attribute from PermissionDenied
will be used.同样,要更改与异常关联的代码标识符,请直接在您的自定义权限上实现
code
属性 - 否则,将使用来自PermissionDenied
的default_code
属性。
from rest_framework import permissions
class CustomerAccessPermission(permissions.BasePermission):
message = 'Firebase Auth Required.'
def has_permission(self, request, view):
...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.