[英]Django's DRF has_object_permission method not called with get_object
I scratch my head to understand why the has_object_permission
bellow has no effect, because the documentation says that this method should be executed with get_object
.我挠头想明白为什么下面的
has_object_permission
没有效果,因为文档说这个方法应该用get_object
来执行。 What could be the reason?可能是什么原因?
@permission_classes([HasViewObjectPermission])
class IndividualDetailsView(RetrieveAPIView):
serializer_class = IndividualSerializer
lookup_url_kwarg = "pk"
def get_object(self):
pk = self.kwargs.get(self.lookup_url_kwarg)
return Individual.objects.get(pk=pk)
class HasViewObjectPermission(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
return False
It looks like you're using the Django Rest Framework.看起来您正在使用 Django Rest Framework。 DRF does support Object-Level Permissions, but if you override the
get_object
method you must manually call the check_object_permissions
method. DRF 确实支持对象级权限,但如果您覆盖
get_object
方法,则必须手动调用check_object_permissions
方法。
From the DRF documentation :来自DRF 文档:
If you're writing your own views and want to enforce object level permissions, or if you override the get_object method on a generic view, then you'll need to explicitly call the.check_object_permissions(request, obj) method on the view at the point at which you've retrieved the object.
如果您正在编写自己的视图并希望强制执行对象级别的权限,或者如果您覆盖通用视图上的 get_object 方法,那么您需要在视图上显式调用 .check_object_permissions(request, obj) 方法您检索对象的时间点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.