Django Rest 框架向自定义权限类提供了错误的参数

问题描述 投票:0回答:1

我遇到一个问题,Django Rest Framework 的自定义权限系统将我的自定义权限方法视为类方法或静态方法。

在权限方法中遇到断点时:

def has_permission(self, request, view=None):

  • self
    是请求的实例而不是权限类的实例
  • request
    是视图的实例
  • 我不得不设置 view=None 因为它因缺少参数错误而崩溃

我是否配置错误?

我用作默认权限的 

IsEmailVerified
权限已经按预期工作了一个月,但是当以编程方式添加自定义权限时,我收到错误。

  File "/app/api/permissions.py", line 50, in has_permission
    user = request.user
                 ^^^^^^^^^^^^
AttributeError: 'ExampleViewSet' object has no attribute 'user'

设置.py:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'api.authentication.TokenAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
        'api.permissions.IsEmailVerifiedPermission',
    ),
    . . .
}

权限.py

class IsEmailVerifiedPermission(BasePermission):
    def has_permission(self, request, view=None):
        return request.user.email_verified

    def has_object_permission(self, request, view=None, obj=None):
        return request.user.email_verified


class UserCreated(BasePermission):
    def has_permission(self, request, view=None):
        # While debugging the parameters don't line up:
        # self is an instance of request
        # request is an instance of view
        # and I had to put view=None because it was crashing with missing parameter errors

    def has_object_permission(self, request, view=None, obj=None):
        # See above issue


class CanGloballyEdit(BasePermission):
    def has_permission(self, request, view=None):
        # See above issue

    def has_object_permission(self, request, view=None, obj=None):
        # See above issue

视图/example.py

class ExampleViewSet(viewsets.GenericViewSet):

    serializer_class = ExampleSerializer
    
    def get_permissions(self):
        default_permissions = super(viewsets.GenericViewSet, self).get_permissions()
        if self.action == 'list':
            return [CanGloballyEdit] + default_permissions
        if self.action == 'retrieve':
            return [UserCreated] + default_permissions
        if self.action in ('update', 'partial_update'):
            return [UserCreated | CanGloballyEdit] + default_permissions
        return default_permissions
python django django-rest-framework permissions
1个回答
0
投票

在@Carcigenicate 的帮助下,我们意识到我需要为此场景提供权限类实例。

class ExampleViewSet(viewsets.GenericViewSet):

    serializer_class = ExampleSerializer
    
    def get_permissions(self):
        default_permissions = super(viewsets.GenericViewSet, self).get_permissions()
        if self.action == 'list':
            return [CanGloballyEdit()] + default_permissions
        if self.action == 'retrieve':
            return [UserCreated()] + default_permissions
        if self.action in ('update', 'partial_update'):
            return [(UserCreated | CanGloballyEdit)()] + default_permissions
        return default_permissions
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.