标签:als 类别 code toc 自定义权限 对象 目录 obj setting
request.user和request.auth属性中的身份验证信息来确定是否应允许传入请求。自定义权限认证类
from rest_framework.permissions import BasePermission
from rest_framework import exceptions
class MyPermission(BasePermission):
message = {'code': 10001, 'error': '你没权限'}
def has_permission(self, request, view):
"""
Return `True` if permission is granted, `False` otherwise.
"""
if request.user:
return True
# raise exceptions.PermissionDenied({'code': 10001, 'error': '你没权限'})
return False
def has_object_permission(self, request, view, obj):
"""
Return `True` if permission is granted, `False` otherwise.
"""
return False在需要权限认证的类中加permission_classes
class OrderView(APIView):
permission_classes = [MyPermission,]
def get(self,request,*args,**kwargs):
return Response('order')
class UserView(APIView):
permission_classes = [MyPermission, ]
def get(self,request,*args,**kwargs):
return Response('user')请求过来先执行dispatch方法
class APIView(View):
permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES
def dispatch(self, request, *args, **kwargs):
# 封装request对象...
self.initial(request, *args, **kwargs)
# 通过反射执行视图中的方法...initial方法过渡
def initial(self, request, *args, **kwargs):
# 版本的处理...
# 认证...
# 权限判断
self.check_permissions(request)
self.check_throttles(request) # 节流...check_permissions方法,依次对权限类对象认证权限
def check_permissions(self, request):
# [对象,对象,]
for permission in self.get_permissions():
if not permission.has_permission(request, self):
self.permission_denied(request, message=getattr(permission, 'message', None))get_permissions方法,将权限类实例化成对象列表
def get_permissions(self):
return [permission() for permission in self.permission_classes]执行自定义权限类的has_permission方法,判断有无权限
class MyPermission(BasePermission):
def has_permission(self, request, view):
if request.user:
return True
return False标签:als 类别 code toc 自定义权限 对象 目录 obj setting
原文地址:https://www.cnblogs.com/liubing8/p/11941211.html
