Django Rest Framework 自定义权限的消息未显示
Django Rest Framework Custom Permission's Message Not Shown
我正在使用 Django Rest Framework 编写应用程序。
我创建了自定义权限。我为自定义权限提供了一个 message 属性,但仍会返回默认详细信息。
让我给你我的代码。
permissions.py:
from annoying.functions import get_object_or_None
from rest_framework import permissions
from intquestions.models import IntQuestion
from ..models import Candidate, CandidatePickedIntChoice
CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."
class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
"""
Permission to check if the candidate has answered all questions.
Expects candidate's email or UUID in the request's body.
"""
message = CANDIDATE_ALREADY_ANSWERED
def has_permission(self, request, view):
candidate = None
email = request.data.get("email", None)
if email:
candidate = get_object_or_None(Candidate, email=email)
else:
uuid = request.data.get("candidate", None)
if uuid:
candidate = get_object_or_None(Candidate, uuid=uuid)
if candidate:
picked_choices = CandidatePickedIntChoice.objects.filter(
candidate=candidate
).count()
total_int_questions = IntQuestion.objects.count()
if picked_choices >= total_int_questions:
return False
return True
views.py:
from annoying.functions import get_object_or_None
from rest_framework import generics, status
from rest_framework.response import Response
from ..models import Candidate, CandidatePickedIntChoice
from .permissions import CandidateAnsweredQuestionsPermission
from .serializers import CandidateSerializer
class CandidateCreateAPIView(generics.CreateAPIView):
serializer_class = CandidateSerializer
queryset = Candidate.objects.all()
permission_classes = (CandidateAnsweredQuestionsPermission,)
def create(self, request, *args, **kwargs):
candidate = get_object_or_None(Candidate, email=request.data.get("email", None))
if not candidate:
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
else:
serializer = self.get_serializer(candidate, data=request.data)
serializer.is_valid(raise_exception=True)
return Response(serializer.data, status=status.HTTP_200_OK)
注意:我正在构建的应用程序可以让候选人回答问题。我之所以这样重写create函数,是为了让还没做完所有题目的考生也能答对所有题目。
为什么权限信息是默认的"Authentication credentials were not provided."而不是我自己的?
消息 Authentication credentials were not provided. 说,您 未提供凭据 。它不同于 凭据错误 消息
接下来是 BasePermission class 没有属性 message,所以它不会'除非你强迫,否则不要使用你的 message 属性。 ( Source Code )
如何显示自定义 PermissionDenied 消息?
PermissionDenied 异常从 permission_denied() 方法 ove viewset 引发,( Source Code )
所以你的观点应该是这样的,
from rest_framework import exceptions
class CandidateCreateAPIView(generics.CreateAPIView):
# your code
def permission_denied(self, request, message=None):
if request.authenticators and not request.successful_authenticator:
raise exceptions.NotAuthenticated()
raise exceptions.PermissionDenied(detail=CANDIDATE_ALREADY_ANSWERED)
我也遇到了同样的问题,终于找到关键点了:
不使用任何身份验证
REST_FRAMEWORK = {
# other settings...
'DEFAULT_AUTHENTICATION_CLASSES': [],
'DEFAULT_PERMISSION_CLASSES': [],
}
我有同样的问题,我找到了解决方法,你甚至不需要AllowAny权限,只需将authentication_classes设置为一个空数组,例如:
class TestView(generics.RetrieveAPIView):
renderer_classes = (JSONRenderer,)
permission_classes = (isSomethingElse,)
serializer_class = ProductSerializer
authentication_classes = [] # You still need to declare it even it is empty
def retrieve(self, request, *args, **kwargs):
pass
希望它仍然有帮助。
Per Tom Christie(DRF 作者):
I'd suggest raising a PermissionDenied explicitly if you don't want
to allow the "unauthenticated vs permission denied" check to run.
他没有继续明确提到最好的地方在哪里。接受的答案似乎在视图中这样做。但是,恕我直言,我觉得最好的地方是自定义 Permission class 本身,因为一个视图可能有多个权限,其中任何一个都可能失败。
这是我的看法(为简洁起见截断了代码):
from rest_framework import exceptions, permissions # <-- import exceptions
CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."
class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
message = CANDIDATE_ALREADY_ANSWERED
def has_permission(self, request, view):
if picked_choices >= total_int_questions:
raise exceptions.PermissionDenied(detail=CANDIDATE_ALREADY_ANSWERED) # <-- raise PermissionDenied here
return True
我正在使用 Django Rest Framework 编写应用程序。
我创建了自定义权限。我为自定义权限提供了一个 message 属性,但仍会返回默认详细信息。
让我给你我的代码。
permissions.py:
from annoying.functions import get_object_or_None
from rest_framework import permissions
from intquestions.models import IntQuestion
from ..models import Candidate, CandidatePickedIntChoice
CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."
class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
"""
Permission to check if the candidate has answered all questions.
Expects candidate's email or UUID in the request's body.
"""
message = CANDIDATE_ALREADY_ANSWERED
def has_permission(self, request, view):
candidate = None
email = request.data.get("email", None)
if email:
candidate = get_object_or_None(Candidate, email=email)
else:
uuid = request.data.get("candidate", None)
if uuid:
candidate = get_object_or_None(Candidate, uuid=uuid)
if candidate:
picked_choices = CandidatePickedIntChoice.objects.filter(
candidate=candidate
).count()
total_int_questions = IntQuestion.objects.count()
if picked_choices >= total_int_questions:
return False
return True
views.py:
from annoying.functions import get_object_or_None
from rest_framework import generics, status
from rest_framework.response import Response
from ..models import Candidate, CandidatePickedIntChoice
from .permissions import CandidateAnsweredQuestionsPermission
from .serializers import CandidateSerializer
class CandidateCreateAPIView(generics.CreateAPIView):
serializer_class = CandidateSerializer
queryset = Candidate.objects.all()
permission_classes = (CandidateAnsweredQuestionsPermission,)
def create(self, request, *args, **kwargs):
candidate = get_object_or_None(Candidate, email=request.data.get("email", None))
if not candidate:
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
else:
serializer = self.get_serializer(candidate, data=request.data)
serializer.is_valid(raise_exception=True)
return Response(serializer.data, status=status.HTTP_200_OK)
注意:我正在构建的应用程序可以让候选人回答问题。我之所以这样重写create函数,是为了让还没做完所有题目的考生也能答对所有题目。
为什么权限信息是默认的"Authentication credentials were not provided."而不是我自己的?
消息 Authentication credentials were not provided. 说,您 未提供凭据 。它不同于 凭据错误 消息
接下来是 BasePermission class 没有属性 message,所以它不会'除非你强迫,否则不要使用你的 message 属性。 ( Source Code )
如何显示自定义 PermissionDenied 消息?
PermissionDenied 异常从 permission_denied() 方法 ove viewset 引发,( Source Code )
所以你的观点应该是这样的,
from rest_framework import exceptions
class CandidateCreateAPIView(generics.CreateAPIView):
# your code
def permission_denied(self, request, message=None):
if request.authenticators and not request.successful_authenticator:
raise exceptions.NotAuthenticated()
raise exceptions.PermissionDenied(detail=CANDIDATE_ALREADY_ANSWERED)
我也遇到了同样的问题,终于找到关键点了:
不使用任何身份验证
REST_FRAMEWORK = {
# other settings...
'DEFAULT_AUTHENTICATION_CLASSES': [],
'DEFAULT_PERMISSION_CLASSES': [],
}
我有同样的问题,我找到了解决方法,你甚至不需要AllowAny权限,只需将authentication_classes设置为一个空数组,例如:
class TestView(generics.RetrieveAPIView):
renderer_classes = (JSONRenderer,)
permission_classes = (isSomethingElse,)
serializer_class = ProductSerializer
authentication_classes = [] # You still need to declare it even it is empty
def retrieve(self, request, *args, **kwargs):
pass
希望它仍然有帮助。
Per Tom Christie(DRF 作者):
I'd suggest raising a
PermissionDeniedexplicitly if you don't want to allow the "unauthenticated vs permission denied" check to run.
他没有继续明确提到最好的地方在哪里。接受的答案似乎在视图中这样做。但是,恕我直言,我觉得最好的地方是自定义 Permission class 本身,因为一个视图可能有多个权限,其中任何一个都可能失败。
这是我的看法(为简洁起见截断了代码):
from rest_framework import exceptions, permissions # <-- import exceptions
CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."
class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
message = CANDIDATE_ALREADY_ANSWERED
def has_permission(self, request, view):
if picked_choices >= total_int_questions:
raise exceptions.PermissionDenied(detail=CANDIDATE_ALREADY_ANSWERED) # <-- raise PermissionDenied here
return True