DRF 权限的流程
django rest framework,入口是 dispatch,然后依次
--->>封装请求--->>处理版本--->>>认证--->>>权限--->>>限制访问频率
(1)auth需要通过token唯一标识来认证
(2)通过auth认证后得到,用户user信息,但是没有admin的权限
权限用来做进一步做职责的划分
代码
class MyPermission(object):
message = '无权访问'
def has_permission(self,request,view):
if request.user == 'userAdmin':
return True
return False
class GoodsListView(APIView):
#
# 先 登录认证 authentication_classes = [Myauthentication,]
# 不同等级的权限 依次 验证 permission_classes = [userPermission,adminPermission]
permission_classes = [MyPermission,]
def get(self,request,*args,**kwargs):
goods = Goods.objects.all()
goods_serializer = GoodsSerializer(goods,many=True)
return Response(goods_serializer.data)
# 权限的错误提示信息
def permission_denied(self, request, message=None):
"""
If request is not permitted, determine what kind of exception to raise.
"""
if request.authenticators and not request.successful_authenticator:
raise exceptions.NotAuthenticated(detail='自定义信息')
raise exceptions.PermissionDenied(detail=message)
原文地址:https://www.cnblogs.com/big-handsome-guy/p/8490448.html
时间: 2024-10-08 11:45:50