How can I check object-level permissions efficiently in DRF?

Posted 2024-05-14 00:51:01


Scenario: in DRF, I have to write the following lines of code to check a user's permission

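from rest_framework import status
from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView


class RetrieveCampaignListView(APIView):
    authentication_classes = [TokenAuthentication]
    permission_classes = [IsAuthenticated]

    def get(self, request, *args, **kwargs):
        # Permission check repeated by hand in every handler
        if request.user.has_perm('campaign.view_campaign'):
            try:
                ...  # some view code
            except Exception:
                return Response({"status": False}, status=status.HTTP_404_NOT_FOUND)
        else:
            return Response({"status": "Sorry User is not permitted"})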

But I want to shorten

request.user.has_perm('campaign.view_campaign') and its else condition

to something like this

@check_permission('campaign.view_campaign')

Any help would be amazing


1 answer
User
#1 · Posted 2024-05-14 00:51:01

You can use a DRF custom permission:

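from rest_framework import permissions
from rest_framework.authentication import TokenAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.views import APIView


class ViewCampaignPermission(permissions.BasePermission):
    message = 'Sorry User is not permitted'

    def has_permission(self, request, view):
        # Model-level check; a False result makes DRF reject the request
        return request.user.has_perm('campaign.view_campaign')


class RetrieveCampaignListView(APIView):
    authentication_classes = [TokenAuthentication]
    permission_classes = [IsAuthenticated, ViewCampaignPermission]
    ...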

See: https://www.django-rest-framework.org/api-guide/permissions/#custom-permissions

Or, if you really want a decorator, you could use something like:

from functools import wraps

from rest_framework.response import Response
from rest_framework.views import APIView


def has_permission(permission):
    def has_permission_decorator(func):
        @wraps(func)
        def has_permission_wrapper(*args, **kwargs):
            # args[0] is the view instance; DRF sets .request on it in dispatch()
            request = args[0].request
            if not request.user.has_perm(permission):
                return Response({'status': 'Sorry User is not permitted'})
            return func(*args, **kwargs)
        return has_permission_wrapper
    return has_permission_decorator


class RetrieveCampaignListView(APIView):
    @has_permission('campaign.view_campaign')
    def get(self, request, *args, **kwargs):
        pass

But this only works for a single permission string.
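
Added example (not part of the answer above and not DRF's own code): a factory that builds a custom permission class requiring several permission strings at once, the case the single-string decorator does not cover. The names `require_perms`, `FakeUser` and `first_denial`, and the `campaign.change_campaign` codename, are assumptions made for the illustration; `FakeUser` and `first_denial` stand in for a Django user and for DRF's permission loop so the block runs without a project.

```python
from types import SimpleNamespace

try:  # use DRF's real base class when it can be imported
    from rest_framework.permissions import BasePermission
except Exception:  # DRF absent or Django settings unconfigured: demo stand-in
    BasePermission = object


def require_perms(*perms):
    """Build a permission class that passes only if the user holds every perm."""
    if not perms or not all(isinstance(p, str) and "." in p for p in perms):
        raise ValueError("expected 'app_label.codename' permission strings")

    class RequirePerms(BasePermission):
        message = "Sorry User is not permitted"

        def has_permission(self, request, view):
            # Django's User.has_perms() is True only if all listed perms are held
            return bool(request.user.has_perms(perms))

    return RequirePerms


class FakeUser:
    """Constructed stand-in for a Django user object (demo only)."""

    def __init__(self, *granted):
        self.granted = set(granted)

    def has_perms(self, perm_list, obj=None):
        return all(p in self.granted for p in perm_list)


def first_denial(permission_classes, user):
    """Simplified stand-in for DRF's permission loop: message of the first failure."""
    request = SimpleNamespace(user=user)
    for cls in permission_classes:
        if not cls().has_permission(request, None):
            return getattr(cls, "message", None)
    return None


# Assumed codenames: Django's default view/change permissions on a Campaign model
CampaignEditor = require_perms("campaign.view_campaign", "campaign.change_campaign")
viewer = FakeUser("campaign.view_campaign")
editor = FakeUser("campaign.view_campaign", "campaign.change_campaign")
print(first_denial([CampaignEditor], viewer))
print(first_denial([CampaignEditor], editor))
```

In a real view the class goes in the list next to `IsAuthenticated`, for instance `permission_classes = [IsAuthenticated, CampaignEditor]`, and a failed check yields DRF's standard permission-denied response carrying `message`.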
