PATCH 更新模型的数据,但响应 401 Unauthorized 错误
PATCH updates the data for a model, but responds with a 401 Unauthorized error
这是我的模型:
class EmployeeGroup(models.Model):
name = models.CharField(max_length=100)
members = models.ManyToManyField(EmployeeProfile,
related_name='employee_groups',
through='GroupMembership')
parent_group = models.ForeignKey('self',
related_name='children',
blank=True, null=True)
这是我的模型资源:
class EmployeeGroupResource(ModelResource):
parent_group = fields.ForeignKey('self', 'parent_group', null=True)
members = fields.ToManyField(GroupMembershipResource,
attribute = lambda bundle: bundle.obj.members.through.objects.filter(group=bundle.obj) or bundle.obj.members, full=True)
class Meta:
queryset = EmployeeGroup.objects.all()
resource_name = 'employee-groups'
authentication = Authentication()
authorization = Authorization()
filtering = {
'members': ALL_WITH_RELATIONS
}
您可以看到此时没有进行任何检查来授权或验证用户,所以为什么当我发送 PATCH 请求时,一切正常,但响应未授权错误?
curl --dump-header - -H "Content-Type: application/json"
-X PATCH --data '{"name": "human resources"}'
http://localhost:8000/api/v1/employee-groups/12/
HTTP/1.0 401 Unauthorized
Date: Sun, 22 May 2016 19:28:31 GMT
Server: WSGIServer/0.2 CPython/3.5.1
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
我是不是做错了什么?我看不到服务器在做什么,说用户未经授权,但是嘿嘿。
编辑:
Silvio 提醒我解决这个问题,相关资源 GroupMembershipResource 没有设置相同的授权,所以它默认为只读。因此,我可以更改名称,但由于其他资源阻止了我,所以看不到它。
确保您在相关资源GroupMembershipResource中应用了相同的Authorization,否则继承权限将是只读的:
class GroupMembershipResource(模型资源):
...
class Meta:
authorization = Authorization()
这是我的模型:
class EmployeeGroup(models.Model):
name = models.CharField(max_length=100)
members = models.ManyToManyField(EmployeeProfile,
related_name='employee_groups',
through='GroupMembership')
parent_group = models.ForeignKey('self',
related_name='children',
blank=True, null=True)
这是我的模型资源:
class EmployeeGroupResource(ModelResource):
parent_group = fields.ForeignKey('self', 'parent_group', null=True)
members = fields.ToManyField(GroupMembershipResource,
attribute = lambda bundle: bundle.obj.members.through.objects.filter(group=bundle.obj) or bundle.obj.members, full=True)
class Meta:
queryset = EmployeeGroup.objects.all()
resource_name = 'employee-groups'
authentication = Authentication()
authorization = Authorization()
filtering = {
'members': ALL_WITH_RELATIONS
}
您可以看到此时没有进行任何检查来授权或验证用户,所以为什么当我发送 PATCH 请求时,一切正常,但响应未授权错误?
curl --dump-header - -H "Content-Type: application/json"
-X PATCH --data '{"name": "human resources"}'
http://localhost:8000/api/v1/employee-groups/12/
HTTP/1.0 401 Unauthorized
Date: Sun, 22 May 2016 19:28:31 GMT
Server: WSGIServer/0.2 CPython/3.5.1
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
我是不是做错了什么?我看不到服务器在做什么,说用户未经授权,但是嘿嘿。
编辑: Silvio 提醒我解决这个问题,相关资源 GroupMembershipResource 没有设置相同的授权,所以它默认为只读。因此,我可以更改名称,但由于其他资源阻止了我,所以看不到它。
确保您在相关资源GroupMembershipResource中应用了相同的Authorization,否则继承权限将是只读的:
class GroupMembershipResource(模型资源): ...
class Meta:
authorization = Authorization()