我正在使用Django rest framework构建一个api,我正在使用带有CustomObjectPermissions的ModelViewSet,它对任何具有正确权限的用户都可以正常工作,但我想知道如何允许任何用户更新自己的配置文件?我的意思是这个用户不能更新其他用户,但是如果用户id是当前用户id,他可以更新一些列。此用户没有任何django权限,他只有对应用程序的访问权限。最后,我想将其与DjangoObjectPermissions一起使用
Views.py这里我想允许任何用户更新自己的配置文件
from rest_framework_simplejwt.views import TokenObtainPairView
from rest_framework import status, permissions, generics, viewsets
from rest_framework.response import Response
from rest_framework.views import APIView
from .serializers import MyTokenObtainPairSerializer, UserSerializer
from .models import User
from authentication.permisssions import CustomObjectPermissions
class ObtainTokenPairView(TokenObtainPairView):
permission_classes = (permissions.AllowAny,)
serializer_class = MyTokenObtainPairSerializer
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
permission_classes = (CustomObjectPermissions,)
queryset = User.objects.all().order_by('-date_joined')
serializer_class = UserSerializer
权限.py
from rest_framework import permissions
class CustomObjectPermissions(permissions.DjangoObjectPermissions):
"""
Similar to `DjangoObjectPermissions`, but adding 'view' permissions.
"""
perms_map = {
'GET': ['%(app_label)s.view_%(model_name)s'],
'OPTIONS': ['%(app_label)s.view_%(model_name)s'],
'HEAD': ['%(app_label)s.view_%(model_name)s'],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
您需要创建自定义权限以支持用户只能编辑自己的配置文件。在
permissions.py
中添加以下权限类相关问题 更多 >
编程相关推荐