0
我想设置一个扩展viewsets.ModelViewSet类的自定义权限,它似乎我的权限没有被评估。这是我的观点:Django的REST框架 - 自定义权限不评估
from rest_framework import viewsets
from rest_framework.authentication import SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
import models
import serializers
from permissions import IsAdminOrAuthenticatedReadOnly
class KPIViewSet(viewsets.ModelViewSet):
'''
API endpoint that allows KPI metadata to be viewed or edited
'''
authentication_classes = (BasicAuthentication,)
permission_classes = (IsAdminOrAuthenticatedReadOnly,)
queryset = models.KPI.objects.all()
serializer_class = serializers.KPISerializer
这里是我的允许类:
from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsAdminOrAuthenticatedReadOnly(BasePermission):
def has_permissions(self, request, view):
if request.method in SAFE_METHODS:
return request.user and request.user.is_authenticated()
return request.user and request.user.is_staff()
我遇到的问题是,IsAdminOrAuthenticatedReadOnly似乎从来没有得到评估。我通过强制它总是返回“False”并通过在视图中将permission_classes值切换为“IsAuthenticated”来测试它。在前一种情况下,对端点的请求返回,就好像没有认证要求一样。在以后,认证按预期执行。
任何想法我失踪?
ugh。你是对的,谢谢 –