Django Rest Conditions Giving Unexpected Results
Question
I'm using rest_condition within Django Rest Framework. If any of my conditions fail I require access to be denied . I declared my first permission on the view like so:
permission_condition = CustomPermissions
Which overrides DRF permission methods has_permission and has_object_permission .
CustomPermissions :
def has_permission(self, request, view):
return True
def has_object_permission(self, request, view, obj):
return False
This works when accessing a detail endpoint:
Results:
> CustomPermissions
- has_permission = True
- has_object_permission = False
Result Expected Access defined : Actual Result Access defined - worked
However, When I add a second permission I don't get the desired outcome. I am expecting it to be, why?
permission_condition = (C(permissions.IsAdminUser) | C(CustomPermissions))
IsAdminUser
def has_permission(self, request, view):
return False
Results:
> CustomPermissions
- has_permission = True
- has_object_permission = False
> IsAdminUser
- True
Result Expected Access defined : Actual Result Access to view granted.
One can assume my logic or understanding of the conditions in permission_condition is incorrect.
1 answers
solution1
0 ACCPTED 2016-04-15 13:36:02
问题是条件下的逻辑,如下所示。
permission_condition = (C(permissions.IsAdminUser) & C(CustomPermissions))
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.