
The DRF permission flow


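The entry point of Django REST framework is dispatch, which then runs the following steps in order:

--->> wrap the request --->> handle versioning --->> authentication --->> permissions --->> throttling (limit access frequency)


(1) Authentication (auth) relies on a token as the unique identifier.

(2) Passing authentication yields the user's information, but it does not grant admin rights.

Permissions are then used to further divide responsibilities.

Code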

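from rest_framework import exceptions
from rest_framework.permissions import BasePermission
from rest_framework.response import Response
from rest_framework.views import APIView

# Goods and GoodsSerializer are the project's own model and serializer;
# import them from wherever the app defines them.


class MyPermission(BasePermission):
    # Returned as the error detail when has_permission() is False ("no access")
    message = '无权访问'

    def has_permission(self, request, view):
        # request.user is whatever the authentication class returned; this
        # comparison only matches when it is the username string itself
        if request.user == 'userAdmin':
            return True
        return False


class GoodsListView(APIView):
    # Log in first: authentication_classes = [Myauthentication,]
    # Permissions of different levels are checked in order:
    #   permission_classes = [userPermission, adminPermission]
    permission_classes = [MyPermission,]

    def get(self, request, *args, **kwargs):
        goods = Goods.objects.all()
        goods_serializer = GoodsSerializer(goods, many=True)
        return Response(goods_serializer.data)

    # Error message returned when permission is denied
    # (newer DRF releases also pass `code`, so accept it here)
    def permission_denied(self, request, message=None, code=None):
        """
        If request is not permitted, determine what kind of exception to raise.
        """
        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated(detail='自定义信息')  # custom message
        raise exceptions.PermissionDenied(detail=message, code=code)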
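
The permission step described above, as a framework-free model added here for illustration (it is not DRF's source and not the post's code). The Request stand-in, IsLoggedIn, IsUserAdmin, handle() and the sample requests are assumptions constructed for this example; it shows that every permission class must pass, that the first failure decides the message, and when the answer is 401 rather than 403.

```python
class NotAuthenticated(Exception):
    status_code = 401

class PermissionDenied(Exception):
    status_code = 403

class Request:
    """Minimal stand-in carrying only the attributes the permission step reads."""
    def __init__(self, user=None, authenticators=(), successful_authenticator=None):
        self.user = user
        self.authenticators = authenticators
        self.successful_authenticator = successful_authenticator

class IsLoggedIn:
    message = "login required"
    def has_permission(self, request, view):
        return request.user is not None

class IsUserAdmin:
    message = "admin only"
    def has_permission(self, request, view):
        return request.user == "userAdmin"

def permission_denied(request, message=None):
    # Same decision as the permission_denied method in the post: 401 when
    # authenticators are configured but none succeeded, otherwise 403.
    if request.authenticators and not request.successful_authenticator:
        raise NotAuthenticated("credentials were not provided")
    raise PermissionDenied(message)

def check_permissions(request, permission_classes, view=None):
    # Every class must pass (logical AND); the first failure stops the loop.
    for cls in permission_classes:
        permission = cls()
        if not permission.has_permission(request, view):
            permission_denied(request, getattr(permission, "message", None))

def handle(request, permission_classes):
    """Return (status, detail) as the client would see it."""
    try:
        check_permissions(request, permission_classes)
    except (NotAuthenticated, PermissionDenied) as exc:
        return exc.status_code, str(exc)
    return 200, "ok"

# Constructed sample requests
ANON = Request(authenticators=("token",))          # no valid token sent
USER = Request("alice", ("token",), "token")       # authenticated, not admin
ADMIN = Request("userAdmin", ("token",), "token")  # authenticated admin

if __name__ == "__main__":
    for name, req in (("anon", ANON), ("user", USER), ("admin", ADMIN)):
        print(name, handle(req, [IsLoggedIn, IsUserAdmin]))
```

With no authenticators configured at all, an anonymous request is answered with 403 and the first failing permission's message instead of 401.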
posted @ 2018-03-01 20:27  派对动物