django-rest-framework:设置每个用户权限 [英] django-rest-framework : setting per user permissions
问题描述
我有使用DRF 3.0.1创建的REST api。如果我使用权限类 rest_framework.permissions.IsAuthenticated
,则任何经过身份验证的用户都可以对任何用户执行GET,POST等操作。我有一个有效的令牌。
我想为每个用户设置权限,因为管理员用户可以查看和更新所有用户的数据,但任何非管理员用户都只能只能查看和更新他的数据。
从到目前为止我看到的示例中,看来 rest_framework.permissions.DjangoObjectPermissions
是我需要使用的类。但是,这些示例使用基于类的视图。
我在代码中使用了基于函数的视图。是否可以使用基于函数的视图来实现?如无法在不具有.model或.queryset属性的视图上应用DjangoModelPermissions。
是否存在
您是否正在使用 api_view
DRF的装饰器?
如果是这样,您可能会发现 rest_framework.decorators.permission_classes
有用。 / p>
@permission_classes([SomePermission])
I have REST api created using DRF 3.0.1. If I use the permission class rest_framework.permissions.IsAuthenticated
, any authenticated user can perform GET, POST, etc. actions for any user as long he has a valid token.
I want to set per user permissions in that an admin user can see and update all users' data but any non-admin user should only be able to see and update only his data.
From the examples I have seen so far, it seems like rest_framework.permissions.DjangoObjectPermissions
is the class I need to use. However, the examples use Class Based Views.
I have used Function Based Views in my code. Is it possible to implement this using function based views? Doing queryset = <Model>.objects.non()
as suggested in DRF doc doesn't help. It complains Cannot apply DjangoModelPermissions on a view that does not have .model or .queryset property.
Is there a way I can do this without moving from FBVs to CBVs?
Are you using api_view
decorator of DRF?
if so, you might find rest_framework.decorators.permission_classes
useful.
@permission_classes([SomePermission])
这篇关于django-rest-framework:设置每个用户权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!