未使用 get_object 调用 Django 的 DRF has_object_permission 方法
[英]Django's DRF has_object_permission method not called with get_object
问题描述
I scratch my head to understand why the has_object_permission bellow has no effect, because the documentation says that this method should be executed with get_object .
我挠头想明白为什么下面的has_object_permission没有效果,因为文档说这个方法应该用get_object来执行。 What could be the reason?可能是什么原因?
@permission_classes([HasViewObjectPermission])
class IndividualDetailsView(RetrieveAPIView):
serializer_class = IndividualSerializer
lookup_url_kwarg = "pk"
def get_object(self):
pk = self.kwargs.get(self.lookup_url_kwarg)
return Individual.objects.get(pk=pk)
class HasViewObjectPermission(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
return False
1 个解决方案
解决方案1
2 已采纳 2022-12-22 21:29:51
It looks like you're using the Django Rest Framework.看起来您正在使用 Django Rest Framework。 DRF does support Object-Level Permissions, but if you override the get_object method you must manually call the check_object_permissions method. DRF 确实支持对象级权限,但如果您覆盖get_object方法,则必须手动调用check_object_permissions方法。
From the DRF documentation :来自DRF 文档:
If you're writing your own views and want to enforce object level permissions, or if you override the get_object method on a generic view, then you'll need to explicitly call the.check_object_permissions(request, obj) method on the view at the point at which you've retrieved the object.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.