![](/img/trans.png)
[英]Django update “extended user profile” model field from webhook paramater
[英]Django Permissions: How to make extended User only to update and view profile?
我正在嘗試為我創建的擴展用戶編寫自定義權限,以便僅允許它查看(檢索)用戶配置文件並對其進行更新。 但是,根據我當前的代碼,它不允許用戶查看其個人資料。 我剛開始使用Django,還無法提出解決方案,所以請告知錯誤在哪里? 下面是我的代碼:
Permissions.py
from rest_framework import permissions
class UserPermissions(permissions.BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_authenticated()
def has_object_permission(self, request, view, obj):
return obj == request.user
views.py
from rest_framework.permissions import IsAuthenticated, IsAdminUser
from .permissions import UserPermissions
class UserList(generics.ListCreateAPIView):
queryset = UserProfile.objects.all()
model = UserProfile
serializer_class = UserSerializer
paginate_by = 10
permission_classes = (IsAuthenticated, IsAdminUser,)
def get_queryset(self):
queryset = UserProfile.objects.all()
search_query = self.request.query_params.get('user', None)
if search_query is not None:
queryset = queryset.filter(username__istartswith=search_query)
queryset = queryset.order_by('username')
return queryset
class UserDetail(generics.RetrieveUpdateAPIView):
queryset = UserProfile.objects.all()
model = UserProfile
serializer_class = UserSerializer
permission_classes = (IsAuthenticated, UserPermissions,)
class UserDelete(generics.DestroyAPIView):
queryset = UserProfile.objects.all()
model = UserProfile
serializer_class = UserSerializer
permission_classes = (IsAuthenticated, IsAdminUser,)
Serializers.py
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = UserProfile
def create(self, validated_data):
user = super(UserSerializer, self).create(validated_data)
user.set_password(validated_data['password'])
user.save()
return user
models.py
from django.contrib.auth.models import User
class UserProfile(User):
class Meta:
ordering = ["username"]
db_table = 'user'
createdby = models.CharField(max_length=100, blank=True, default="")
updatedon = models.DateTimeField(blank=True, auto_now=True)
is_admin = models.BooleanField(default=False)
因為UserProfile != User
class UserPermissions(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
# obj is UserProfile instance not User instance.
# so, this method will always return False
return obj == request.user
其他代碼包含UserProfile
也是錯誤的。 關於擴展User
您可以按照以下文檔進行操作: https : //docs.djangoproject.com/zh-CN/1.9/topics/auth/customizing/#extending-user https://docs.djangoproject.com/zh-CN/1.9/topics/auth / customizing /#auth-custom-user
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.