'POST' or 'PUT' or 'DELETE' is not working

Question


Here the class WriteByAdminOnlyPermission is not working perfectly. The if request.method == 'GET': check is working, but the remaining condition is not working. My target is that only the admin can change information and other people can just see it. How can I do it? And where did I go wrong? Please give me a relevant solution😥

Note: I used a custom User here.

class User(AbstractUser):
    id = models.CharField(primary_key=True, max_length=10, default=uuid.uuid4, editable=False)

    email = models.EmailField(max_length=50, unique=True, error_messages={"unique":"The email must be unique!"})
    REQUIRES_FIELDS = ["email"]
    objects = CustomeUserManager()

views.py:

class WriteByAdminOnlyPermission(BasePermission):
    def has_permission(self, request, view):
        user = request.user

        if request.method == 'GET':
            return True

        if request.method in ['POST' or 'PUT' or 'DELETE'] and user.is_superuser:
            return True
        return False

class ScenarioViewSet(ModelViewSet):
    permission_classes=[WriteByAdminOnlyPermission]
    serializer_class = ScenarioSerializer
    queryset = Scenario.objects.all()

models.py:

class Scenario(models.Model):
    id = models.CharField(primary_key=True, max_length=10, default=uuid.uuid4, editable=False)
    Title = models.CharField(max_length=350, null=True, blank=False)
    film_id = models.OneToOneField(Film, on_delete=models.CASCADE, related_name="ScenarioFilmID", null=True)

serializer.py:

class ScenarioSerializer(ModelSerializer):
    class Meta:
        model = Scenario
        fields = "__all__"

urls.py:

router.register(r"scenario", views.ScenarioViewSet, basename="scenario")

Answer 1

Score: 1


Why are you using the or operator in a list? It can be simplified as ['POST', 'PUT', 'DELETE'], so:

if request.method in ['POST', 'PUT', 'DELETE'] and user.is_superuser:

Edit

Try to use the IsAuthenticatedOrReadOnly class directly to allow unauthenticated users to perform GET requests and authenticated users to perform POST, PUT, and DELETE requests so:

from rest_framework.permissions import IsAuthenticatedOrReadOnly, BasePermission

class WriteByAdminOnlyPermission(BasePermission):
    def has_permission(self, request, view):
        user = request.user

        if request.method in ['POST', 'PUT', 'DELETE'] and user.is_superuser:
            return True
        return IsAuthenticatedOrReadOnly().has_permission(request, view)

class ScenarioViewSet(ModelViewSet):
    permission_classes = [WriteByAdminOnlyPermission]
    serializer_class = ScenarioSerializer
    queryset = Scenario.objects.all()

As you noted in the comment below, removing DEFAULT_AUTHENTICATION_CLASSES worked for you.
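
An added example (not part of the original question or answer) comparing the question's check with a default-deny version that lets non-superusers use only the safe methods, so PATCH and any other write method are covered as well. The classes are duck-typed stand-ins so it runs without Django REST framework installed (in a project the class would subclass BasePermission); AdminWriteOnly, BuggyPermission and decision_table are hypothetical names, and the users are constructed samples.

```python
from types import SimpleNamespace

# Same values as rest_framework.permissions.SAFE_METHODS; redefined here so the
# example runs without Django REST framework installed.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


class BuggyPermission:
    """The question's check: the list literal collapses to ['POST']."""

    def has_permission(self, request, view):
        if request.method == "GET":
            return True
        # 'POST' or 'PUT' or 'DELETE' evaluates to 'POST' (first truthy operand).
        if request.method in ["POST" or "PUT" or "DELETE"] and request.user.is_superuser:
            return True
        return False


class AdminWriteOnly:
    """Default-deny: reads for everyone, every other method for superusers only."""

    def has_permission(self, request, view):
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        return bool(user and user.is_authenticated and user.is_superuser)


def decision_table(permission):
    """Return {(role, method): allowed} for constructed sample users."""
    users = {
        "anonymous": SimpleNamespace(is_authenticated=False, is_superuser=False),
        "member": SimpleNamespace(is_authenticated=True, is_superuser=False),
        "admin": SimpleNamespace(is_authenticated=True, is_superuser=True),
    }
    methods = ("GET", "HEAD", "OPTIONS", "POST", "PUT", "PATCH", "DELETE")
    return {
        (role, method): permission.has_permission(SimpleNamespace(method=method, user=user), None)
        for role, user in users.items()
        for method in methods
    }


if __name__ == "__main__":
    for name, perm in (("buggy", BuggyPermission()), ("fixed", AdminWriteOnly())):
        table = decision_table(perm)
        allowed = sorted(f"{r}:{m}" for (r, m), ok in table.items() if ok)
        print(name, allowed)
```

Running a table like this as a unit test for every role and method catches both the collapsed list and any fallback that would let ordinary authenticated users write.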
