Django 权限管理

from rest_framework import permissions
from django.contrib.auth.models import AnonymousUser

from models import User


class IsCandidate(permissions.BasePermission):
    def has_permission(self, request, view):
        if isinstance(request.user, AnonymousUser):
            return False
        return request.user.type == User.USER_TYPE_CANDIDATE


class IsCompanySuperAdmin(permissions.BasePermission):
    def has_permission(self, request, view):
        if isinstance(request.user, AnonymousUser):
            return False
        return request.user.type == User.USER_TYPE_COMPANY_SUPER_ADMIN

views.py

class DetailView(generics.RetrieveUpdateAPIView):
    
    permission_classes = (IsAuthenticated, IsCandidate,) # 加入权限（可插拔式）