Django REST framework 权限类
权限类
APIView -> dispatch -> self.initial -> self.check_permissions
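def check_permissions(self, request):
    """
    Check if the request should be permitted.
    Raises an appropriate exception if the request is not permitted.

    Every permission object returned by ``self.get_permissions()`` is asked
    in turn, so all of them have to grant access; one falsy
    ``has_permission`` result is enough to call ``self.permission_denied``.
    """
    # self.get_permissions() returns a list whose items are permission
    # instances (objects, not classes).
    for permission in self.get_permissions():
        if not permission.has_permission(request, self):
            # The permission's optional ``message`` attribute is forwarded as
            # the denial message; None is passed when it defines none.
            self.permission_denied(
                request, message=getattr(permission, 'message', None)
            )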
APIView -> dispatch -> self.initialize_request -> self.get_permissions (将权限类实例化为对象并放入列表中; 上面的 check_permissions 正是通过 self.get_permissions() 取得这个列表)
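def get_permissions(self):
    """
    Instantiates and returns the list of permissions that this view requires.

    Each entry of ``self.permission_classes`` is called with no arguments,
    so the entries must be classes (or other zero-argument callables), not
    instances. An empty ``permission_classes`` yields an empty list.
    """
    return [permission() for permission in self.permission_classes]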
因此可以在 views 的视图类中通过 permission_classes 使用自定义权限类
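def check_permissions(self, request):
    """
    Check if the request should be permitted.
    Raises an appropriate exception if the request is not permitted.
    """
    for permission in self.get_permissions():
        # has_permission takes two arguments: the request and the view,
        # which is ``self`` at this call site. A custom permission class
        # therefore has to accept (request, view).
        if not permission.has_permission(request, self):
            self.permission_denied(
                request, message=getattr(permission, 'message', None)
            )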
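from rest_framework.permissions import BasePermission


class MyPermission(BasePermission):
    """Grant access only when ``request.user.user_type`` equals 1.

    The decision is only as trustworthy as ``request.user``: it relies on
    authentication having populated the user before permissions are checked,
    and on ``user_type`` being a server-side attribute the client cannot set.
    """
    # Read by the view's check_permissions through
    # getattr(permission, 'message', None) and passed on as the denial message.
    message = '不是超级用户, 查看不了'

    # The override takes the same two arguments the view passes in:
    # request and view.
    def has_permission(self, request, view):
        """Return True only for a user whose ``user_type`` is 1."""
        # NOTE(review): 1 is presumably the super-user type, judging by the
        # denial message - confirm against the user model.
        # getattr keeps the check fail-closed when request.user has no
        # user_type attribute (for example an unauthenticated request):
        # the request is denied instead of raising AttributeError.
        return getattr(request.user, 'user_type', None) == 1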
class Books(APIView):
    # Per-view permission list; get_permissions() instantiates every class
    # named here each time the view's permissions are checked.
    permission_classes = [MyPermission]
权限类的使用
局部使用
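class Index(APIView):
    # Local (per-view) use: only this view is guarded by MyPermission.
    # Setting permission_classes on the view replaces the project-wide
    # default list for this view rather than adding to it.
    permission_classes = [MyPermission]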
全局使用
settings文件
# settings file: project-wide default. Views that do not declare their own
# permission_classes fall back to this list; when the key is left unset,
# DRF's built-in default is AllowAny, i.e. no restriction at all.
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        # Dotted import path of the permission class.
        'app.MyAuths.MyPermission',
    ],
}
局部不使用
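class Index(APIView):
    # Local opt-out: the empty list replaces the global
    # DEFAULT_PERMISSION_CLASSES for this view. get_permissions() then
    # returns [], check_permissions has nothing to evaluate, and every
    # request that reaches the view is let through. Reserve this for
    # endpoints that are meant to be public.
    permission_classes = []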
