stackoom
  简体   繁体   中英

In the Django REST framework, how are the default permission classes combined with per-view(set) ones?

 原文  2018-01-29 22:28:50       python/ django/ django-rest-framework/ oauth2-toolkit

Question

I'm reading http://www.django-rest-framework.org/api-guide/permissions/ and trying to relate it to the OAuth2 toolkit documentation, http://django-oauth-toolkit.readthedocs.io/en/latest/rest-framework/getting_started.html . The latter has an example in which in settings.py one specifies

REST_FRAMEWORK = {
    # ...

    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    )
}

and in addition, IsAuthenticated is also specified added to the permission_classes list of a ModelViewSet :

class UserViewSet(viewsets.ModelViewSet):
    permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
    queryset = User.objects.all()
    serializer_class = UserSerializer

Do I infer correctly from this example that the DEFAULT_PERMISSION_CLASSES are not prepended / postpended to a ModelViewSet 's permission classes, but are instead replaced by it?

4 answers

solution1
 5  2018-01-29 22:31:34

Do I infer correctly from this example that the DEFAULT_PERMISSION_CLASSES are not prepended / postpended to a ModelViewSet 's permission classes, but are instead replaced by it?

The DEFAULT_PERMISSION_CLASSES are used for views/viewsets where permission_classes is not defined. In the cases they are defined, those are used instead, not the default ones.

solution2
 4 ACCPTED  2018-01-29 22:31:03

In the Django REST framework, how are the default permission classes combined with per-view(set) ones?

They are not combined.

... the DEFAULT_PERMISSION_CLASSES are not prepended / postpended to a ModelViewSet's permission classes, but are instead replaced by it?

Correct.

solution3
 3  2022-02-11 17:13:25

If you do want to extend the default permissions, this seems to work.

Disclaimer: I found it by looking into DRF's code, not sure it is documented.

from rest_framework.settings import api_settings

class UserViewSet(viewsets.ModelViewSet):
    permission_classes = [*api_settings.DEFAULT_PERMISSION_CLASSES, TokenHasReadWriteScope]

solution4
 0  2021-10-16 15:16:47

Add code in your custom Permission class like this

class ObjectWritePermission(BasePermission):
    # you will see this function in IsAuthenticated Permission class
    def has_permission(self, request, view):
        return bool(request.user and request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        return obj.user == request.user

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Define pagination page_size per-view in Django Rest Framework how to change permissions for current view overriding the DEFAULT_PERMISSION_CLASSES in django rest-framework Django: use per-view cache in the URLconf? Django per-view caching to database How to get all Django REST Framework permission classes? Django Rest Framework permission_classes not working How to pass parameters to a mixin on a per-view basis what's differece between the django's cache ?the The per-site cache,The per-view cache,Specifying per-view cache and Template fragment caching Per-view caching for get_queryset method in a class-based view (Django app) django rest framework throttling per user and per view
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM