[英]Django Rest Framework, Allow: POST not being set in generic view
[英]Django Rest Framework allow not authenticated access to a view in certain cases
我有一个ViewSet ,将permission_classes
设置为(permissions.IsAuthenticated,)
,但是我希望此视图在方法为retrieve()
时允许未经身份验证的访问。
这是我的ViewSet :
class AlbumViewSet(viewsets.ModelViewSet):
permission_classes = (permissions.IsAuthenticated,)
queryset = proxies.AlbumProxy.objects.all()
serializer_class = serializers.AlbumSerializer
filter_backends = (DjangoFilterBackend, SearchFilter, OrderingFilter,)
search_fields = ('name', 'description', 'company__name')
filter_fields = ('code', 'company')
def retrieve(self, request, pk):
password = request.query_params.get('password', None)
instance = proxies.AlbumProxy.objects.get(code=pk)
if instance.access_code != password and password != settings.MASTER_KEY:
raise Exception(_("Invalid password for album {}".format(instance.code)))
instance_to_return = serializers.AlbumSerializer(instance=instance, context={'request': request}).data
instance_to_return.pop('access_code')
return Response(instance_to_return)
有没有一种方法可以在启用retrieve()
方法时禁用permission_classes
,但是在任何其他情况下都可以使其工作?
您可以像这样覆盖get_permissions:
def get_permissions(self):
if self.action == 'retrieve':
return [] # This method should return iterable of permissions
return super().get_permissions()
Django Rest Framework
提供了开箱即用的功能。 请参见IsAuthenticatedOrReadOnly权限 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.