基本使用
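class MyPermission(object):
    """Permission class that admits only users whose ``user_type`` is 3.

    The views that use it describe this as the SVIP tier. DRF's
    ``BasePermission`` also supplies ``has_object_permission()``; deriving
    from ``object`` is enough only for views that never call
    ``check_object_permissions()`` -- presumably the case here, confirm.
    """

    def has_permission(self, request, view):
        """Return True only when ``request.user.user_type`` equals 3.

        Fails closed: a request whose ``user`` is ``None`` or an object
        without a ``user_type`` attribute (an unauthenticated or anonymous
        caller) is denied instead of raising ``AttributeError``.

        Args:
            request: the incoming request; only ``request.user`` is read.
            view: the view being accessed (unused).

        Returns:
            bool: True to grant access, False to deny it.
        """
        # getattr() rather than plain attribute access: a permission check
        # must answer "no" for a caller it cannot classify, not crash with a
        # 500 before the framework can issue its normal denial response.
        return getattr(request.user, 'user_type', None) == 3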
class OrderView(APIView):
    """Order endpoints; only SVIP users are meant to have access.

    Access control is delegated to ``MyPermission`` through
    ``permission_classes`` instead of being checked inside each handler.
    """

    # No per-view authenticators are set (the override below is disabled), so
    # the authenticators come from wherever the project configures them.
    # authentication_classes = [FirstAuthtication, Authtication, ]
    permission_classes = [MyPermission]

    def get(self, request, *args, **kwargs):
        """Return the order data inside a ``code``/``msg``/``data`` envelope."""
        # An earlier inline ``user_type != 3`` check lived here; it is now
        # enforced by the permission class before this handler runs.
        payload = {'code': 1000, 'msg': None, 'data': None}
        try:
            payload['data'] = ORDER_DIC
        except Exception:
            # Callers only ever see this fixed message, never the exception
            # text itself.
            payload.update(code=1002, msg='请求异常')
        return JsonResponse(payload)
源码流程
执行dispatch——》执行initial方法——》执行check_permissions方法,判断权限——》遍历权限类的实例化对象,依次执行has_permission——》如果has_permission返回True,表示通过权限认证;如果has_permission返回False,执行permission_denied(),抛出异常,表示没有权限
总结
1、基本使用
-
类必须继承BasePermission,必须实现has_permission方法
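from rest_framework.permissions import BasePermission


class SvipPermission(BasePermission):
    """Grant access only to users whose ``user_type`` is 3 (SVIP)."""

    # Detail text DRF returns to the client when this permission denies.
    message = '必须是SVIP才能访问'

    def has_permission(self, request, view):
        """Return True only when ``request.user.user_type`` equals 3.

        Fails closed: if ``request.user`` is ``None`` or an anonymous user
        object without a ``user_type`` attribute, the request is denied
        rather than failing with ``AttributeError`` (a 500 instead of the
        intended denial response).

        Args:
            request: the incoming request; only ``request.user`` is read.
            view: the view being accessed (unused).

        Returns:
            bool: True to grant access, False to deny it.
        """
        return getattr(request.user, 'user_type', None) == 3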
-
返回值
True:有权访问
False:无权访问
-
全局配置
# Project-wide permission default. It applies to every view that does not
# declare its own ``permission_classes``; a view that does declare one
# replaces this list instead of extending it, so an empty per-view list
# switches the check off for that view.
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'api.utils.permission.MyPermission1',
    ],
}
-
局部配置,类中加个静态字段permission_classes,将权限类名添加到列表中
class UserInfoView(APIView):
    """User centre; ordinary and VIP users are both allowed."""

    # The per-view authenticator override is disabled, so authentication
    # comes from wherever the project configures it.
    # authentication_classes = [Authtication, ]
    #
    # MyPermission1 is not defined in this snippet; presumably it rejects
    # user_type == 3, as the inline check it replaced did -- confirm.
    permission_classes = [MyPermission1]

    def get(self, request, *args, **kwargs):
        """Print the current user and return the user-info response."""
        current_user = request.user
        # Debug output: writes the user's string form to stdout on every
        # request.
        print(current_user)
        return HttpResponse('用户信息')