DjangoModelPermissions 不适用于我的 API 应用程序中的视图级别权限
DjangoModelPermissions is not working for view level permission in my API application
我已经创建了一个 API,我正在尝试为我的 API 应用程序中的视图提供权限。我已在我的管理门户中将用户分配到具有权限的组,然后我在我的视图中使用 DjangoModelPermissions,以便权限根据无法正常工作的管理门户运行。
当我使用 IsAdminUser 然后它的工作是阻止其他用户阅读视图。但是对于 DjangoModelPermissions 它不起作用。
简单来说,我想阻止少数用户访问视图,即使在分配权限并传递此值 DjangoModelPermissions 后,用户仍然可以访问该权限查看。
我的管理员组中的用户和组
一个 super_user 分配给具有所有权限的 Developers 组。
一个 Testuser 分配给 Language 组,只能访问语言视图。
模型代码
```Python
from django.db import models
class Paradigm(models.Model):
name = models.CharField(max_length=50)
def __str__(self):
return self.name
# Create your models here.
class Language(models.Model):
name = models.CharField(max_length=50)
paradigm = models.ForeignKey(Paradigm,on_delete=models.CASCADE)
# this method will help us to get the actual Name insted of object name
def __str__(self):
return self.name
class Programmer(models.Model):
name = models.CharField(max_length=50)
languages = models.ManyToManyField(Language)
def __str__(self):
return self.name
查看代码
from django.shortcuts import render
from rest_framework import viewsets, permissions
from .models import Language, Programmer, Paradigm
from .serializers import LanguageSerializer, ParadigmSerializer, ProgrammerSerializer
from rest_framework.permissions import BasePermission, IsAdminUser, DjangoModelPermissions
# Create your views here.
class LanguageView(viewsets.ModelViewSet):
queryset = Language.objects.all()
serializer_class = LanguageSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ProgrammerView(viewsets.ModelViewSet):
queryset = Programmer.objects.all()
serializer_class = ProgrammerSerializer
#This Below line is working only for Admin user
permission_classes = [IsAdminUser]
请帮助我,因为我是 Django 的新手。
谢谢
创建 permissions.py 文件为:
from rest_framework.permissions import DjangoModelPermissions
class D7896DjangoModelPermissions(DjangoModelPermissions):
perms_map = {
'GET':['%(app_label)s.view_%(model_name)s'],
'OPTIONS': [],
'HEAD': [],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
扩展默认的 DjangoModelPermissions,并添加这个 perms_map
另外,将您的 views.py 更新为:
from .permissions import D7896DjangoModelPermissions
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
permission_classes = [D7896DjangoModelPermissions]
这对我有用:)
我已经创建了一个 API,我正在尝试为我的 API 应用程序中的视图提供权限。我已在我的管理门户中将用户分配到具有权限的组,然后我在我的视图中使用 DjangoModelPermissions,以便权限根据无法正常工作的管理门户运行。 当我使用 IsAdminUser 然后它的工作是阻止其他用户阅读视图。但是对于 DjangoModelPermissions 它不起作用。
简单来说,我想阻止少数用户访问视图,即使在分配权限并传递此值 DjangoModelPermissions 后,用户仍然可以访问该权限查看。
我的管理员组中的用户和组 一个 super_user 分配给具有所有权限的 Developers 组。 一个 Testuser 分配给 Language 组,只能访问语言视图。
模型代码
```Python
from django.db import models
class Paradigm(models.Model):
name = models.CharField(max_length=50)
def __str__(self):
return self.name
# Create your models here.
class Language(models.Model):
name = models.CharField(max_length=50)
paradigm = models.ForeignKey(Paradigm,on_delete=models.CASCADE)
# this method will help us to get the actual Name insted of object name
def __str__(self):
return self.name
class Programmer(models.Model):
name = models.CharField(max_length=50)
languages = models.ManyToManyField(Language)
def __str__(self):
return self.name
查看代码
from django.shortcuts import render
from rest_framework import viewsets, permissions
from .models import Language, Programmer, Paradigm
from .serializers import LanguageSerializer, ParadigmSerializer, ProgrammerSerializer
from rest_framework.permissions import BasePermission, IsAdminUser, DjangoModelPermissions
# Create your views here.
class LanguageView(viewsets.ModelViewSet):
queryset = Language.objects.all()
serializer_class = LanguageSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
# This below line is not working
permission_classes = [DjangoModelPermissions]
class ProgrammerView(viewsets.ModelViewSet):
queryset = Programmer.objects.all()
serializer_class = ProgrammerSerializer
#This Below line is working only for Admin user
permission_classes = [IsAdminUser]
请帮助我,因为我是 Django 的新手。 谢谢
创建 permissions.py 文件为:
from rest_framework.permissions import DjangoModelPermissions
class D7896DjangoModelPermissions(DjangoModelPermissions):
perms_map = {
'GET':['%(app_label)s.view_%(model_name)s'],
'OPTIONS': [],
'HEAD': [],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
扩展默认的 DjangoModelPermissions,并添加这个 perms_map 另外,将您的 views.py 更新为:
from .permissions import D7896DjangoModelPermissions
class ParadigmView(viewsets.ModelViewSet):
queryset = Paradigm.objects.all()
serializer_class = ParadigmSerializer
permission_classes = [D7896DjangoModelPermissions]
这对我有用:)