系统内置的权限
AllowAny 允许所有用户
IsAuthenticated 仅通过认证的用户
IsAdminUser 仅管理员用户(DRF 中按 user.is_staff 判断)
IsAuthenticatedOrReadOnly 认证的用户可以完全操作,否则只能进行 GET 等只读请求
对应的Serializer
from rest_framework import serializers
from App.models import User
class UserSerializer(serializers.ModelSerializer):
    """Model serializer for ``User`` that exposes every field of the model."""

    class Meta:
        # NOTE(review): "__all__" puts every field declared on User into both
        # the serialized output and the accepted input. The User model is not
        # shown here; if it holds secrets (password hash, token) or privilege
        # flags, list the intended fields explicitly and mark the sensitive
        # ones write-only or read-only.
        fields = "__all__"
        model = User
创建自定义权限类
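class MyPermisson(BasePermission):
    """View-level permission that admits only requests whose user is a ``User``.

    Only ``has_permission`` is overridden, so this class decides access per
    view; any per-object rule has to be implemented separately.
    """

    def has_permission(self, request, view):
        """Decide whether the request may reach the view.

        Args:
            request: The incoming request; ``request.user`` is presumably set
                by the configured authentication class -- verify.
            view: The view being accessed (not consulted here).

        Returns:
            bool: True when ``request.user`` is truthy and a ``User``
            instance, False otherwise.
        """
        print("权限限制")
        current_user = request.user
        # Always answer with a real bool: an unauthenticated request may carry
        # a falsy user (e.g. None), and the raw object should not leak out as
        # the permission result.
        return bool(current_user) and isinstance(current_user, User)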
在 settings 中配置全局的认证类与权限类
# Project-wide DRF defaults for authentication and permission checks.
REST_FRAMEWORK = {
    # Authentication classes applied to each request.
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "App.authentications.MyAuthentication",
    ),
    # Every class listed must grant access; one denial rejects the request.
    # NOTE(review): these paths start with lowercase "app" while the
    # authentication path above uses "App" -- confirm the package name,
    # since the classes are imported by these dotted paths.
    "DEFAULT_PERMISSION_CLASSES": [
        "app.permission.SuperPerssion",
        "app.permission.StaffPerssion",
    ],
}