问题描述
我已经创建了一个 API,我正在尝试为我的 API 应用程序中的视图提供权限。我已在我的管理门户中将用户分配给具有权限的组,然后我在我的视图中使用 DjangoModelPermissions,以便权限根据不工作的管理门户运行。 当我使用 IsAdminUser 时,它会阻止其他用户阅读视图。但是对于 DjangoModelPermissions 它不起作用。
简单来说,即使在分配权限并在权限玻璃中传递此值 DjangoModelPermissions 之后,我想阻止少数用户访问视图,该用户仍然能够访问该视图。
我的管理员组中的用户和组 一个 super_user 分配给具有所有权限的 Developers 组。 一名测试用户被分配到语言组,只能访问语言视图。
模型代码
```Python
from django.db import models
class Paradigm(models.Model):
name = models.CharField(max_length=50)
def __str__(self):
return self.name
# Create your models here.
class Language(models.Model):
name = models.CharField(max_length=50)
paradigm = models.ForeignKey(Paradigm,on_delete=models.CASCADE)
# this method will help us to get the actual Name insted of object name
def __str__(self):
return self.name
class Programmer(models.Model):
name = models.CharField(max_length=50)
languages = models.ManyToManyField(Language)
def __str__(self):
return self.name
查看代码
from django.shortcuts import render
from rest_framework import viewsets,permissions
from .models import Language,Programmer,Paradigm
from .serializers import LanguageSerializer,ParadigmSerializer,ProgrammerSerializer
from rest_framework.permissions import BasePermission,IsAdminUser,DjangoModelPermissions
# Create your views here.
class LanguageView(viewsets.ModelViewSet):
queryset = Language.objects.all()
serializer_class = LanguageSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ProgrammerView(viewsets.ModelViewSet):
queryset = Programmer.objects.all()
serializer_class = ProgrammerSerializer
#This Below line is working only for Admin user
permission_classes = [IsAdminUser]
请在这里帮助我,因为我是 Django 的新手。 谢谢。
解决方法
创建 permissions.py 文件为:
from rest_framework.permissions import DjangoModelPermissions
class D7896DjangoModelPermissions(DjangoModelPermissions):
perms_map = {
'GET':['%(app_label)s.view_%(model_name)s'],'OPTIONS': [],'HEAD': [],'POST': ['%(app_label)s.add_%(model_name)s'],'PUT': ['%(app_label)s.change_%(model_name)s'],'PATCH': ['%(app_label)s.change_%(model_name)s'],'DELETE': ['%(app_label)s.delete_%(model_name)s'],}
扩展默认的DjangoModelPermissions,并添加这个perms_map 另外,将您的 views.py 更新为:
from .permissions import D7896DjangoModelPermissions
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
permission_classes = [D7896DjangoModelPermissions]
这对我有用:)