原权限判断代码
def check_permissions(self, request):
"""
Check if the request should be permitted.
Raises an appropriate exception if the request is not permitted.
"""
for permission in self.get_permissions():
if not permission.has_permission(request, self):
self.permission_denied(
request,
message=getattr(permission, 'message', None),
code=getattr(permission, 'code', None)
)
修改判断(后用OrPermissionAPIView代替APIView)
from rest_framework.views import APIView
class OrPermissionAPIView(APIView):
def check_permissions(self, request):
"""
重写check_permissions方法,把权限变成or
"""
# 创建一个list存放没有通过权限的权限类
no_permission_list = []
for permission in self.get_permissions():
if permission.has_permission(request, self):
# 有一个通过即返回
return
else:
no_permission_list.append(permission)
else:
self.permission_denied(
request,
message=getattr(no_permission_list[0], 'message', None),
code=getattr(no_permission_list[0], 'code', None)
)
视图
#走正常判断逻辑and
class OrderView(APIView):
def get(self, request):
print(request.user, request.auth)
return Response({'status': 'OrderView'})
from ext.views import OrPermissionAPIView
#走or判断逻辑
class UserView(OrPermissionAPIView):
def get(self, request):
print(request.user, request.auth)
return Response({'status': 'UserView'})