我查看了关于同一主题的类似问题,我认为我遵循了为 has_object_permission
指定的所有规则。 .
这就是我在我的设置中所拥有的。
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
'users.permissions.CanAccessData', # this is my custom class
],
...
}
这是我的权限类class CanAccessData(permissions.BasePermission):
message = 'You do not have permission to perform this action.'
def has_permission(self, request, view):
print "has_permission`"
return True
def has_object_permission(self, request, view, obj):
print "has_object_permission"
return False
这是我的 View 结构:class CompleteList(generics.ListCreateAPIView):
permission_classes = (CanAccessData,)
serializer_class = SomeSerializer
model = Some
filter_backends = (filters.OrderingFilter, filters.SearchFilter)
ordering_fields = (tuple of Some fields)
search_fields = ordering_fields
ordering = ('-create_date')
仍然,has_object_permission
没有接到电话,has_permission
虽然被调用。
最佳答案
has_object_permission
不为 ListView 调用。 documentation说如下:
Also note that the generic views will only check the object-level permissions for views that retrieve a single model instance. If you require object-level filtering of list views, you'll need to filter the queryset separately. See the filtering documentation for more details.
关于django - has_object_permission 未调用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54783424/