DjangoModelPermissions 不适用于我的 API 应用程序中的视图级别权限

编程问答 2022-04-28

问题描述

我已经创建了一个 API,我正在尝试为我的 API 应用程序中的视图提供权限。我已在我的管理门户中将用户分配给具有权限的组,然后我在我的视图中使用 DjangoModelPermissions,以便权限根据不工作的管理门户运行。 当我使用 IsAdminUser 时,它会阻止其他用户阅读视图。但是对于 DjangoModelPermissions 它不起作用。

简单来说,即使在分配权限并在权限玻璃中传递此值 DjangoModelPermissions 之后,我想阻止少数用户访问视图,该用户仍然能够访问该视图。

我的管理员组中的用户和组 一个 super_user 分配给具有所有权限的 Developers 组。 一名测试用户被分配到语言组,只能访问语言视图。

模型代码

```Python
from django.db import models

class Paradigm(models.Model):
    name = models.CharField(max_length=50)

    def __str__(self):
        return self.name

# Create your models here.
class Language(models.Model):
    name = models.CharField(max_length=50)
    paradigm = models.ForeignKey(Paradigm,on_delete=models.CASCADE)

    # this method will help us to get the actual Name insted of object name
    def __str__(self):
        return self.name

class Programmer(models.Model):
    name = models.CharField(max_length=50)
    languages = models.ManyToManyField(Language)

    def __str__(self):
        return self.name

查看代码

from django.shortcuts import render
from rest_framework import viewsets,permissions
from .models import Language,Programmer,Paradigm
from .serializers import LanguageSerializer,ParadigmSerializer,ProgrammerSerializer
from  rest_framework.permissions import BasePermission,IsAdminUser,DjangoModelPermissions

# Create your views here.
class LanguageView(viewsets.ModelViewSet):
    queryset = Language.objects.all()
    serializer_class = LanguageSerializer
    
    # This below line is not working
    permission_classes = [DjangoModelPermissions]

class  ParadigmView(viewsets.ModelViewSet):
    queryset = Paradigm.objects.all()
    serializer_class = ParadigmSerializer
    # This below line is not working
    permission_classes = [DjangoModelPermissions]


class  ProgrammerView(viewsets.ModelViewSet):
    queryset = Programmer.objects.all()
    serializer_class = ProgrammerSerializer
    #This Below line is working only for Admin user
    permission_classes = [IsAdminUser]

在这里帮助我,因为我是 Django 的新手。 谢谢。

解决方法

创建 permissions.py 文件为:

from rest_framework.permissions import DjangoModelPermissions
class D7896DjangoModelPermissions(DjangoModelPermissions):
    perms_map = {
        'GET':['%(app_label)s.view_%(model_name)s'],'OPTIONS': [],'HEAD': [],'POST': ['%(app_label)s.add_%(model_name)s'],'PUT': ['%(app_label)s.change_%(model_name)s'],'PATCH': ['%(app_label)s.change_%(model_name)s'],'DELETE': ['%(app_label)s.delete_%(model_name)s'],}

扩展默认的DjangoModelPermissions,并添加这个perms_map 另外,将您的 views.py 更新为:

from .permissions import D7896DjangoModelPermissions
class  ParadigmView(viewsets.ModelViewSet):
    queryset = Paradigm.objects.all()
    serializer_class = ParadigmSerializer
    permission_classes = [D7896DjangoModelPermissions]

这对我有用:)

djangodjangodjango-permissionsdjango-rest-frameworkpython-3.x