django rest_framework 权限
在视图里面去设置权限
class OrderView(APIView):
authentication_classes = [MyAuthtication]
def get(self, request, *args, **kwargs):
ret = {"state_code": 1000, "msg": "数据请求成功", "data": ORDER_DICT}
if request.user.user_type != 3:
ret = {"state_code": 1001, "msg": "无权限", "data": []}
return JsonResponse(ret)
微信截图_20190111090323
- postman校验
微信截图_20190111090426
基本使用
class MyPermission(object):
def has_permission(self,request,view):
if request.user.user_type != 3:
return False
return True
class OrderView(APIView):
"""
订单相关业务(只有SVIP用户有权限)
"""
permission_classes = [MyPermission,]
def get(self,request,*args,**kwargs):
# request.user
# request.auth
self.dispatch
ret = {'code':1000,'msg':None,'data':None}
try:
ret['data'] = ORDER_DICT
except Exception as e:
pass
return JsonResponse(ret)
微信截图_20190111090732
- 我们可以添加一个message
class MyPermission(object):
message = "无权访问"
def has_permission(self, request, view):
if request.user.user_type != 3:
return False
return True
微信截图_20190111091047
源码流程
梳理:
- 使用
- 类,必须继承:BasePermission,必须实现:has_permission方法
from rest_framework.permissions import BasePermission
class SVIPPermission(BasePermission):
message = "必须是SVIP才能访问"
dehas_permission(self,request,view):
if request.useuser_type != 3:
return False
return True
- 返回值:
- True, 有权访问
- False,无权访问
- 局部
class UserInfoView(APIView):
"""
订单相关业务(普通用户、VIP)
"""
permission_classes = [MyPermission1, ]
def get(self,request,*args,**kwargs):
return HttpResponse('用户信息')
- 全局
REST_FRAMEWORK = {
"DEFAULT_PERMISSION_CLASSES":['api.utils.permission.SVIPPermission']
}