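1. Introduction to permissions
Only superusers may access certain data and ordinary users may not, so a permission component is needed to enforce that restriction.
2. Per-view (local) use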

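from django.http import HttpResponse
from rest_framework.permissions import BasePermission
from rest_framework.views import APIView

# TokenAuth is the project's own authentication class, defined elsewhere.


class UserPermission(BasePermission):
    # Message returned to the client when permission is denied
    # ("Not a superuser, cannot view").
    message = '不是超級用戶,查看不了'

    def has_permission(self, request, view):
        # Alternative: compare the display label ('超級用戶' means superuser).
        # user_type = request.user.get_user_type_display()
        # if user_type == '超級用戶':
        user_type = request.user.user_type
        print(user_type)
        if user_type == 1:
            return True
        else:
            return False


class Course(APIView):
    authentication_classes = [TokenAuth, ]
    permission_classes = [UserPermission, ]

    def get(self, request):
        return HttpResponse('get')

    def post(self, request):
        return HttpResponse('post')

For per-view use, you only need to add the following to the view class: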
permission_classes = [UserPermission,]
3. Global use

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": ["app01.service.auth.Authentication", ],
    "DEFAULT_PERMISSION_CLASSES": ["app01.service.permissions.SVIPPermission", ],
}

4. Source code analysis

def check_permissions(self, request):
    for permission in self.get_permissions():
        if not permission.has_permission(request, self):
            self.permission_denied(
                request, message=getattr(permission, 'message', None)
            )

self.get_permissions()

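def get_permissions(self):
    return [permission() for permission in self.permission_classes]

Order in which permission classes are used: first the permission classes set on the view class, then the permission classes configured in settings, and finally the default permission classes.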
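
The check loop and lookup order above, as an added example that is not from the original page or from DRF's source: a dependency-free model showing the denial message taken from the failing class, a fail-closed check for a user object with no `user_type`, and a view-level `permission_classes` replacing the global list. `PermissionDenied`, `AllowAny`, `APIView` and `SETTINGS` are simplified stand-ins, and `OpenView`, `outcome` and the sample users are hypothetical names.

```python
from types import SimpleNamespace

class PermissionDenied(Exception):
    """Stand-in for rest_framework.exceptions.PermissionDenied."""

class UserPermission:
    message = "Not a superuser; access denied"  # the page's message, translated
    def has_permission(self, request, view):
        # Fail closed: an anonymous user object has no user_type attribute.
        return getattr(request.user, "user_type", None) == 1

class AllowAny:  # stand-in for DRF's built-in default permission
    def has_permission(self, request, view):
        return True

# Constructed project settings; remove the key to fall back to the default.
SETTINGS = {"DEFAULT_PERMISSION_CLASSES": [UserPermission]}

class APIView:  # simplified model, not the real rest_framework.views.APIView
    permission_classes = SETTINGS.get("DEFAULT_PERMISSION_CLASSES", [AllowAny])

    def get_permissions(self):
        return [permission() for permission in self.permission_classes]

    def check_permissions(self, request):
        for permission in self.get_permissions():
            if not permission.has_permission(request, self):
                raise PermissionDenied(getattr(permission, "message", None))

class Course(APIView):  # no permission_classes: inherits the global setting
    pass

class OpenView(APIView):  # a view-level list replaces the global one entirely
    permission_classes = []

def outcome(view_cls, user):
    """Return 'allowed' or the denial message for this view and user."""
    try:
        view_cls().check_permissions(SimpleNamespace(user=user))
        return "allowed"
    except PermissionDenied as exc:
        return str(exc)

# Constructed sample users.
superuser = SimpleNamespace(user_type=1)
ordinary = SimpleNamespace(user_type=2)
anonymous = SimpleNamespace()  # no user_type at all
```

`outcome(OpenView, anonymous)` returns `"allowed"`: an empty view-level list switches off the global permission class for that view, so it is worth auditing views that override `permission_classes`.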