我有类似的观点:
from django.http import HttpResponse
from rest_framework import generics
class MyView(generics.ListCreateAPIView):
def get_queryset(self):
# <view logic>
return HttpResponse('result')
def post(self, request):
# <view logic x2>
return HttpResponse('message_post_template')
而且我希望GET请求具有IsAuthenticated
的许可权类别,而POST请求应具有HasAPIKey
中的Django REST Framework API Key的许可权类别。我该怎么办?
我尝试执行permission_classes = [IsAuthenticated | HasAPIKey]
,但这太宽容了,因为如果除所需的权限以外的其他权限可用,它将允许功能正常工作。
from django.http import HttpResponse
from rest_framework import generics
from .permissions import HasAPIKey, IsAuthenticated # just import statement
class MyView(generics.ListCreateAPIView):
def get_permission_classes(self):
method = self.request.method
if method == 'POST':
return (HasAPIKey,)
else:
return (IsAuthenticated,)
def get_queryset(self):
# <view logic>
return HttpResponse('result')
def post(self, request):
# <view logic x2>
return HttpResponse('message_post_template')