Django Rest Framework忽略了我的IsOwnerOrReadOnly权限 [英] Django Rest Framework ignoring my IsOwnerOrReadOnly permissions
问题描述
我已经为 isOwnerOrReadOnly
权限创建了一个权限文件,但是根本没有调用has_object_permission函数(我在此处放置了打印语句以进行检查)。
这是我在视图中使用此权限的方式:
class CarDetail(generics.RetrieveUpdateDestroyAPIView):
.....
serializer_class = car_serializers.CarSerializer
authentication_classes =(authentication.TokenAuthentication,)
Permission_classes =(权限。 IsAuthenticatedOrReadOnly,IsOwnerOrReadOnly,)
我缺少什么?
@adeleinr我猜您已经声明了自己的get_object方法(我会在注释中问您这个问题,但没有足够的要点做这件事:D),在这种情况下,您必须在get_object中使用check_object_permissions(也在PUT,DELETE中)。在您的get_object中使用
obj = get_object_or_404(queryset,** filter)
self.check_object_permissions(self.request,obj)
I have created a permissions file for the isOwnerOrReadOnly
permission but the has_object_permission function is not being called at all (I have place a print statement there to check).
This is how I am using this permission in my view:
class CarDetail(generics.RetrieveUpdateDestroyAPIView):
.....
serializer_class = car_serializers.CarSerializer
authentication_classes = (authentication.TokenAuthentication,)
permission_classes = (permissions.IsAuthenticatedOrReadOnly,IsOwnerOrReadOnly,)
What am I missing?
@adeleinr I am guessing you have declared your own get_object method( i would have asked you this in the comment but don't have sufficient points to do that :D), in that case you have to use check_object_permissions in the get_object ( also in PUT, DELETE ) .Use this in your get_object
obj = get_object_or_404(queryset, **filter)
self.check_object_permissions(self.request, obj)
这篇关于Django Rest Framework忽略了我的IsOwnerOrReadOnly权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!