如何授予某些用户一次只能查看一个实例的权限?
How to give permission to some user which allow only view one instance by one time?
我总是希望允许一次检查所有用户查看一个实例。
但另一个功能,如 get(list)\post\patch\update\delete 仅适用于具有此操作的一般权限的用户。
class IsCardAccess(BasePermission):
def has_permission(self, request, view):
has_perm = False
if request.user and request.user.is_authenticated:
if request.user.has_perm_extended(PERM_CARD_ACCESS):
has_perm = True
elif request.user.has_perm_extended(PERM_CARD_SUPER_ACCESS):
has_perm = True
return has_perm
在这种情况下,没有 PERM_CARD_ACCESS 和 PERM_CARD_SUPER_ACCESS 的用户不能做任何事情,但是当 PERM_CARD_ACCESS 用户可以做所有这些操作 (get\post\patch\update\delete)。
我不明白我需要做什么。
有人有什么想法吗?
我忘记了这个问题,但现在我可以写下我的答案了。
我这样做了:
def has_permission(self, request, view):
has_perm = False
if not request.user or not request.user.is_authenticated:
return has_perm
if request.user.has_perm_extended(PERM_CARDS_ACCESS) or \
request.user.has_perm_extended(PERM_CARDS_SUPER_ACCESS):
has_perm = True
elif request.user.has_perm_extended(PERM_VIEW_CARD_ACCESS):
# user with this perm has got limited access to check card-info
if hasattr(view, 'action'):
resolve_url = resolve(request.path).url_name
if view.action == 'retrieve' and resolve_url == "cards-card-detail":
has_perm = True
if view.action == 'list' and resolve_url == "cards-operations-list":
has_perm = True
return has_perm
我总是希望允许一次检查所有用户查看一个实例。
但另一个功能,如 get(list)\post\patch\update\delete 仅适用于具有此操作的一般权限的用户。
class IsCardAccess(BasePermission):
def has_permission(self, request, view):
has_perm = False
if request.user and request.user.is_authenticated:
if request.user.has_perm_extended(PERM_CARD_ACCESS):
has_perm = True
elif request.user.has_perm_extended(PERM_CARD_SUPER_ACCESS):
has_perm = True
return has_perm
在这种情况下,没有 PERM_CARD_ACCESS 和 PERM_CARD_SUPER_ACCESS 的用户不能做任何事情,但是当 PERM_CARD_ACCESS 用户可以做所有这些操作 (get\post\patch\update\delete)。
我不明白我需要做什么。
有人有什么想法吗?
我忘记了这个问题,但现在我可以写下我的答案了。
我这样做了:
def has_permission(self, request, view):
has_perm = False
if not request.user or not request.user.is_authenticated:
return has_perm
if request.user.has_perm_extended(PERM_CARDS_ACCESS) or \
request.user.has_perm_extended(PERM_CARDS_SUPER_ACCESS):
has_perm = True
elif request.user.has_perm_extended(PERM_VIEW_CARD_ACCESS):
# user with this perm has got limited access to check card-info
if hasattr(view, 'action'):
resolve_url = resolve(request.path).url_name
if view.action == 'retrieve' and resolve_url == "cards-card-detail":
has_perm = True
if view.action == 'list' and resolve_url == "cards-operations-list":
has_perm = True
return has_perm