1. 权限基本概念
- 判断登录者的身份。一般通过用户名/密码、手机号、身份证号、邮箱、指纹、session、cookies等
- 对授予的权限进行鉴定,有授权才能鉴权,如接口权限验证
2. DRF权限使用
- DRF默认权限校验类文件:rest_framework.permissions.py
urlpatterns = [
path('api/', include('rest_framework.urls')),
]
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication'
],
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.AllowAny',
'rest_framework.permissions.IsAuthenticated',
'rest_framework.permissions.IsAdminUser',
'rest_framework.permissions.IsAuthenticatedOrReadOnly'
],
}
from rest_framework import permissions
class ProjectViewSet(viewsets.ModelViewSet):
permission_classes = [permissions.IsAuthenticated]
...