Django Rest Framework不允许我拥有多个权限 [英] Django Rest Framework won't let me have more than one permission

问题描述

我对Django Rest框架和权限有疑问。例如，DRF不允许我在视图上拥有多个权限。

I have a problem with the Django Rest Framework and permissions. DRF won't let me have more than one permission on my views for example.

如果我以管理员用户身份登录API，则可以使用以下mixin进行访问：

If I login to the API as an admin user I can get access using this mixin:

class PermissionMixin(object):
    permission_classes = (permissions.IsAdminUser)

现在，如果我添加第二个权限混合：

Now, if I add a second permission mixin:

class PermissionMixin(object):
    permission_classes = (permissions.IsAdminUser, TokenHasReadWriteScope)

管理员用户被拒绝访问。应该发生的是管理员用户和具有令牌的用户都可以访问，但是从现在开始，只有TokenHasReadWriteScope用户可以访问。

Admin users are denied access. What should happen is both admin user and users with a token get access, however with above now only TokenHasReadWriteScope users have access.

是否还有其他人遇到此问题，怎么回事在这里？

Has anyone else had this issue, whats going on here?

我需要两种类型的用户才能访问。

I need both type of users to have access.

这是我的视图：

class SomeList(PermissionMixin, generics.ListCreateAPIView)

    queryset = Award.objects.all()
    serializer_class = AwardSerializer

PS TokenHasReadWriteScope来自 django-oauth-toolkit

PS TokenHasReadWriteScope is from django-oauth-toolkit

推荐答案

您遇到的行为是绝对正常的，这就是DRF的设计方式。如果您希望拥有至少一种权限类别，则需要指定一个更为复杂的条件。 这是您可能使用的很好的例子。安装后，您可以像这样使用它：

The behavior you are experiencing is absolutely normal, that's how DRF was designed. If you want to have at least one of those permission classes, you need to specify a more 'complex' condition. This is a very good example of what you might use. After you install it, you can use it like this:

from rest_condition import Or
...
permission_classes = (Or(permissions.IsAdminUser, TokenHasReadWriteScope),)

这篇关于Django Rest Framework不允许我拥有多个权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！