标签:method ensure you default mission ide uid iss w3c
‘django.contrib.auth‘,
默认 migrate 会给每个模型赋予4个权限,如果 ORM 类不托管给django管理,而是直接在数据库中建表,模型的权限就不生效了?
IsAuthenticated1.默认登陆,也可以访问drf的api
2.视图里加认证
from rest_framework.permissions import IsAuthenticated
permission_classes = (IsAuthenticated,)
REST_FRAMEWORK = {
‘DEFAULT_PERMISSION_CLASSES‘: (
‘rest_framework.permissions.IsAuthenticated‘,
)
}
# 默认是
‘DEFAULT_PERMISSION_CLASSES‘: (
‘rest_framework.permissions.AllowAny‘,
)
DjangoModelPermissions执行 add delete 和 put 没权限
{
"detail": "You do not have permission to perform this action."
}
[21/May/2020 14:20:18] "DELETE /idcs/1/ HTTP/1.1" 403 63
Forbidden: /idcs/2/
class Permissions(DjangoModelPermissions):
def get_custom_perms(self, view, method):
if hasattr(view, "extra_perm_map"):
if isinstance(view.extra_perm_map, dict):
return view.extra_perm_map.get(method,[])
return []
def has_permission(self, request, view):
# Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter.
if getattr(view, ‘_ignore_model_permissions‘, False):
return True
if not request.user or (
not request.user.is_authenticated and self.authenticated_users_only):
return False
queryset = self._queryset(view)
perms = self.get_required_permissions(request.method, queryset.model)
perms.extend(self.get_custom_perms(view, request.method))
return request.user.has_perms(perms)
extra_perm_map = {
"GET": [‘idcs.view_idc‘]
}
‘DEFAULT_PERMISSION_CLASSES‘: (
# ‘rest_framework.permissions.DjangoModelPermissions‘,
‘utils.permissions.Permissions‘,
)
[21/May/2020 14:58:24] "GET / HTTP/1.1" 200 6511
Forbidden: /ProductModel/
https://www.w3cschool.cn/lxraw/lxraw-3meu35ov.html
https://www.django-rest-framework.org/api-guide/permissions/
标签:method ensure you default mission ide uid iss w3c
原文地址:https://www.cnblogs.com/jenvid/p/12934233.html
