DRF 权限的流程
Django REST framework 的入口是 dispatch,之后依次执行:
封装请求 → 处理版本 → 认证 → 权限 → 限制访问频率
(1)auth需要通过token唯一标识来认证
(2)通过 auth 认证后得到用户 user 信息,但此时还没有 admin 的权限
权限用来进一步做职责的划分:认证只确认"你是谁",权限才决定"你能做什么"
代码
class MyPermission(object):
    """Permission check that admits only the user identified as 'userAdmin'.

    The decision is a plain equality test between ``request.user`` and the
    literal string 'userAdmin'.
    NOTE(review): this presumably relies on the authenticator storing a
    username string in ``request.user``; if it stores a user object instead,
    the comparison depends on that object's ``__eq__`` -- confirm against the
    authentication class in use.
    """

    # Denial text for this permission; GoodsListView.permission_denied
    # receives it as ``message`` (presumably read off this attribute by the
    # framework -- confirm).
    message = '无权访问'

    def has_permission(self, request, view):
        """Return True when ``request.user`` equals 'userAdmin', else False.

        ``view`` is accepted to match the permission interface but is unused.
        """
        is_admin = request.user == 'userAdmin'
        return True if is_admin else False
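class GoodsListView(APIView):
    """Goods list endpoint whose access is gated by MyPermission.

    No ``authentication_classes`` is set on this view (the line below is only
    a comment), so whatever authenticators the project configures by default
    decide what ends up in ``request.user``.
    NOTE(review): MyPermission compares ``request.user`` with a string, so the
    permission result depends on that authenticator -- confirm which one is
    active before relying on this check.
    """
    # Authentication runs first: authentication_classes = [Myauthentication,]
    # Several permission levels are checked in order:
    #   permission_classes = [userPermission, adminPermission]
    permission_classes = [MyPermission,]

    def get(self, request, *args, **kwargs):
        """Return every Goods row, serialized with GoodsSerializer."""
        goods = Goods.objects.all()
        goods_serializer = GoodsSerializer(goods, many=True)
        return Response(goods_serializer.data)

    # Custom error details for a failed permission check
    def permission_denied(self, request, message=None, code=None):
        """
        If request is not permitted, determine what kind of exception to raise.

        ``message`` is the denial text handed in by the caller. ``code`` is
        optional and defaults to None: recent DRF releases pass ``code=`` as a
        keyword when a permission check fails, and without this parameter the
        override would raise TypeError instead of a clean denial.

        Raises:
            exceptions.NotAuthenticated: authenticators are configured but
                none of them succeeded for this request.
            exceptions.PermissionDenied: in every other case, carrying
                ``message`` and ``code``.
        """
        # Unauthenticated callers get a different error than authenticated
        # callers who merely lack the permission.
        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated(detail='自定义信息')
        raise exceptions.PermissionDenied(detail=message, code=code)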