擅长:python、mysql、java
<p>实际上,这两个权限可以合并为一个。例如,按如下方式更新权限:</p>
<pre><code>class CanDeleteUser(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return False
return obj.user == request.user or ob.post.administrator.filter(pk=request.user.pk).exists()
</code></pre>
<p>在这里,我检查<code>request.user</code>是<code>obj.user</code>还是检查带有<code>obj</code>变量的<code>showcase</code>对象的管理员</p>
<p>现在我只想检查<code>collaborator</code>的权限</p>
<pre><code>class CollaboratorDeleteView(APIView):
'''
Allow Administrators to delete a collaborator to a showcase
or allow the collaborator user to be able to delete himself
'''
permission_classes = [CanDeleteUser]
def delete(self, request, pk):
collaborator = get_object_or_404(Collaborator, pk=pk)
try:
self.check_object_permissions(request, collaborator)
</code></pre>