[英]django rest framework - browsable api remove delete
我有以下觀點:
def retrieve(self, request, pk=None, **kwargs):
try:
instance = self.get_object()
self.check_object_permissions(self.request, instance)
serializer = PasswordFolderSerializer(instance, context={'request': request})
return Response(serializer.data)
except Http404:
return Response(status=status.HTTP_404_NOT_FOUND)
未登錄時,我會得到一個403,這很好,但是可瀏覽的API中仍顯示“ DELETE”按鈕。 我該如何擺脫呢? 這是我的允許:
class CanRetrievePasswordFolder(permissions.DjangoObjectPermissions):
def has_permission(self, request, view):
if request.user is None:
return False
else:
return True
def has_object_permission(self, request, view, obj):
access_levels = ['Owner', 'Admin', 'Read']
if get_permission_level(request, obj) is None:
return False
else:
level = AccessLevel.objects.get(pk=get_permission_level(request, obj).level_id).name
if request.method in permissions.SAFE_METHODS:
return True
else:
for access in access_levels:
if level == access:
return True
else:
return False
真的很愚蠢,我必須在視圖的權限元組中添加IsAuthenticated,如下所示:
permission_classes_by_action = {'create': [CanCreatePasswordFolder, IsAuthenticated],
'list': [CanListPasswordFolder, IsAuthenticated],
'retrieve': [CanRetrievePasswordFolder, IsAuthenticated],
'partial_update': [CanUpdatePasswordFolder, IsAuthenticated],
'update': [CanUpdatePasswordFolder, IsAuthenticated],
'destroy': [CanDestroyPasswordFolder, IsAuthenticated]}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.