我是DRF新手,在尝试自定义DRF中的Permission时遇到了以下问题。你知道吗
假设我的电脑里有以下代码权限.py文件:
class GetPermission(BasePermission):
obj_attr = 'POITS'
def has_permission(self, request, view):
user = request.user
employee = Employee.objects.get(user=user)
# Return a dict which indicates whether the request user has the corresponding permissions
permissions = get_permission(employee.id)
return permissions[GetPermission.obj_attr]
在我看来,我想覆盖GetPermission类中的静态变量:
class AssignmentList(generics.ListCreateAPIView):
GetPermission.obj_attr = 'ASSIGNMENT'
permission_classes = (IsAuthenticated, IsStaff, GetPermission)
queryset = Assignment.objects.all()
serializer_class = AssignmentSerializer
pagination_class = LargeResultsSetPagination
def perform_create(self, serializer):
employee = Employee.objects.get(user=self.request.user)
serializer.save(sender=employee, status=0, operatable=0)
然而,正如DRF的文件所指出的:
Permission checks are always run at the very start of the view, before any other code is allowed to proceed.
所以我应该怎么做,提前感谢,任何想法都会受到欢迎,因为我是DRF的新人。你知道吗
您需要为每个属性创建权限的子类,并在
has_permission
方法中使用self.obj_attr
。你知道吗相关问题 更多 >
编程相关推荐