django-rest-framework：设置每个用户权限 [英] django-rest-framework : setting per user permissions

问题描述

我有使用DRF 3.0.1创建的REST api。如果我使用权限类 rest_framework.permissions.IsAuthenticated ，则任何经过身份验证的用户都可以对任何用户执行GET，POST等操作。我有一个有效的令牌。

我想为每个用户设置权限，因为管理员用户可以查看和更新​​所有用户的数据，但任何非管理员用户都只能只能查看和更新​​他的数据。

从到目前为止我看到的示例中，看来 rest_framework.permissions.DjangoObjectPermissions 是我需要使用的类。但是，这些示例使用基于类的视图。

我在代码中使用了基于函数的视图。是否可以使用基于函数的视图来实现？如queryset =< Model> .objects.non（） guide / permissions /＃djangomodelpermissions rel = nofollow> DRF文档没有帮助。它抱怨无法在不具有.model或.queryset属性的视图上应用DjangoModelPermissions。

是否存在

解决方案

您是否正在使用 api_view DRF的装饰器？

如果是这样，您可能会发现 rest_framework.decorators.permission_classes 有用。 / p>

@permission_classes（[SomePermission]）

I have REST api created using DRF 3.0.1. If I use the permission class rest_framework.permissions.IsAuthenticated, any authenticated user can perform GET, POST, etc. actions for any user as long he has a valid token.

I want to set per user permissions in that an admin user can see and update all users' data but any non-admin user should only be able to see and update only his data.

From the examples I have seen so far, it seems like rest_framework.permissions.DjangoObjectPermissions is the class I need to use. However, the examples use Class Based Views.

I have used Function Based Views in my code. Is it possible to implement this using function based views? Doing queryset = <Model>.objects.non() as suggested in DRF doc doesn't help. It complains Cannot apply DjangoModelPermissions on a view that does not have .model or .queryset property.

Is there a way I can do this without moving from FBVs to CBVs?

解决方案

Are you using api_view decorator of DRF?

if so, you might find rest_framework.decorators.permission_classes useful.

@permission_classes([SomePermission])

这篇关于django-rest-framework：设置每个用户权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！