权限组件
权限组件
局部使用:
from rest_framework.permissions import BasePermission class UserPermission(BasePermission): # 设置没有权限时的提示信息 message = '无权限访问' def has_permission(self, request, view): user_type = request.user.user_type if user_type == 1: return True else: return False class Test(APIView): authentication_classes = [TokenAuth, ] # 权限组件的局部使用 permission_classes = [UserPermission,] def get(self, request): return HttpResponse('ok')
全局使用:settings中配置
REST_FRAMEWORK={ 'DEFAULT_PERMISSION_CLASSES':['app01.MyAuth.UserPermission',] }
源码分析
源码查看流程:
APIView的dispatch方法() ---- self.initial(request, *args, **kwargs) --- self.check_permissions(request)