Django rest_framework IsAdminUser行为异常 [英] Django rest_framework IsAdminUser not behaving

查看:45
本文介绍了Django rest_framework IsAdminUser行为异常的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在rest框架中有一个 viewset ,它的运行方式与我期望的不一样.如果我以编外人员身份登录并导航到api-url/users,则可以看到其中列出的所有用户.

I have a viewset in rest framework that is not behaving like I would expect. If I login with a non-staff user and navigate to the api-url/users I can see all the users listed there.

IsAuthenticated 权限正在起作用,因为如果我注销,则会收到一条错误消息,提示我未通过身份验证.

The IsAuthenticated permission is working, because if I logout I get an error saying that I am not authenticated.

我使用这些权限不对吗?我已经完成了教程并浏览了文档,但是找不到任何可以告诉我为什么这不起作用的信息

Am I using these permissions wrong? I have done the tutorial and looked through the docs, but I can't find anything to tell me why this shouldn't work

观看次数:

class UserViewSet(viewsets.ModelViewSet):
    """Viewset for viewing users. Only to be used by admins"""
    queryset = LangaLangUserProfile.objects.all()
    serializer_class = UserSerializer
    filter_backends = (filters.DjangoFilterBackend, )
    filter_fields = '__all__'
    permissions_classes = (permissions.IsAdminUser, )

class LanguageViewSet(viewsets.ReadOnlyModelViewSet):
    """Viewset for Language objects, use the proper HTTP methods to modify them"""
    queryset = Language.objects.all()
    serializer_class = LanguageSerializer
    filter_backends = (filters.DjangoFilterBackend, )
    filter_fields = '__all__'
    permissions_classes = (permissions.IsAuthenticated, )

网址:

router = routers.DefaultRouter()
router.register(r'users', views.UserViewSet)
router.register(r'language', views.LanguageViewSet)

序列化器:

class UserSerializer(serializers.ModelSerializer):
    """Serializer for User objects"""
    class Meta:
        model = LangaLangUserProfile
        fields = '__all__'

class LanguageSerializer(serializers.ModelSerializer):
    """Serializer for the Language model"""
    class Meta:
        model = Language
        fields = '__all__'
        depth = 2

推荐答案

错字!

它是 permission_classes ,而不是 permissions_classes .

关于这部分:

IsAuthenticated权限正在工作,因为如果我注销,则会收到一条错误消息,提示我未通过身份验证.

The IsAuthenticated permission is working, because if I logout I cget an error saysing that I am not authenticated.

我不确定为什么会这样,但是我会怪您在Django设置中 DEFAULT_PERMISSION_CLASSES -也许您在其中指定了 IsAuthenticated ?

I'm not sure why this is happening but I'd blame DEFAULT_PERMISSION_CLASSES in your Django settings - maybe you have IsAuthenticated specified there?

这篇关于Django rest_framework IsAdminUser行为异常的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Python最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆