我正在使用 Django Rest Framework 编写应用程序。
我创建了一个自定义权限。我为自定义权限提供了一个 message
属性,但仍会返回默认详细信息。
让我给你我的代码。
permissions.py
:
from annoying.functions import get_object_or_None
from rest_framework import permissions
from intquestions.models import IntQuestion
from ..models import Candidate, CandidatePickedIntChoice
CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."
class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
"""
Permission to check if the candidate has answered all questions.
Expects candidate's email or UUID in the request's body.
"""
message = CANDIDATE_ALREADY_ANSWERED
def has_permission(self, request, view):
candidate = None
email = request.data.get("email", None)
if email:
candidate = get_object_or_None(Candidate, email=email)
else:
uuid = request.data.get("candidate", None)
if uuid:
candidate = get_object_or_None(Candidate, uuid=uuid)
if candidate:
picked_choices = CandidatePickedIntChoice.objects.filter(
candidate=candidate
).count()
total_int_questions = IntQuestion.objects.count()
if picked_choices >= total_int_questions:
return False
return True
views.py
:
from annoying.functions import get_object_or_None
from rest_framework import generics, status
from rest_framework.response import Response
from ..models import Candidate, CandidatePickedIntChoice
from .permissions import CandidateAnsweredQuestionsPermission
from .serializers import CandidateSerializer
class CandidateCreateAPIView(generics.CreateAPIView):
serializer_class = CandidateSerializer
queryset = Candidate.objects.all()
permission_classes = (CandidateAnsweredQuestionsPermission,)
def create(self, request, *args, **kwargs):
candidate = get_object_or_None(Candidate, email=request.data.get("email", None))
if not candidate:
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
else:
serializer = self.get_serializer(candidate, data=request.data)
serializer.is_valid(raise_exception=True)
return Response(serializer.data, status=status.HTTP_200_OK)
注意:我正在构建的应用程序可以让候选人回答问题。我之所以这样重写 create 函数,是为了让尚未完成所有问题的考生仍然能够回答所有问题。
为什么权限消息是默认的 “Authentication credentials were not provided.”
而不是我自己的?
最佳答案
消息 Authentication credentials were not provided.
表示,您未提供凭据。它不同于credentials are wrong消息
接下来是 BasePermission
类没有属性 message
,所以它不会使用你的 message
属性,除非你强制。 ( Source Code )
如何显示自定义 PermissionDenied
消息?
PermissionDenied
异常从 permission_denied()
方法 ove viewset 引发,( Source Code )
所以你的观点应该是这样的,
from rest_framework import exceptions
class CandidateCreateAPIView(generics.CreateAPIView):
# your code
def permission_denied(self, request, message=None):
if request.authenticators and not request.successful_authenticator:
raise exceptions.NotAuthenticated()
raise exceptions.PermissionDenied(detail=CANDIDATE_ALREADY_ANSWERED)
关于Django Rest Framework 自定义权限的消息未显示,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53036032/