英文:
'POST' or 'PUT' or 'DELETE' is not working
问题
以下是已翻译的内容:
这里的 WriteByAdminOnlyPermission 类不完全起作用。这个条件 if request.method == 'GET': 起作用,但剩下的条件不起作用。我的目标是,只有管理员可以更改信息,其他人只能查看。我该如何做?我哪里做错了?请给我一个相关的解决方案🤔。
注: 我在这里使用了自定义用户。
class User(AbstractUser):
id = models.CharField(primary_key=True, max_length=10, default=uuid.uuid4, editable=False)
email = models.EmailField(max_length=50, unique=True, error_messages={"unique":"The email must be unique!"}
REQUIRES_FIELDS = ["email"]
objects = CustomeUserManager()
views.py:
class WriteByAdminOnlyPermission(BasePermission):
def has_permission(self, request, view):
user = request.user
if request.method == 'GET':
return True
if request.method in ['POST' or 'PUT' or 'DELETE'] and user.is_superuser:
return True
return False
class ScenarioViewSet(ModelViewSet):
permission_classes=[WriteByAdminOnlyPermission]
serializer_class = ScenarioSerializer
queryset = Scenario.objects.all()
models.py:
class Scenario(models.Model):
id = models.CharField(primary_key=True, max_length=10, default=uuid.uuid4, editable=False)
Title = models.CharField(max_length=350, null=True, blank=False)
film_id = models.OneToOneField(Film, on_delete=models.CASCADE, related_name="ScenarioFilmID", null=True)
serializer.py:
class ScenarioSerializer(ModelSerializer):
class Meta:
model = Scenario
fields = "__all__"
urls.py:
router.register("scenario", views.ScenarioViewSet, basename="scenario")
英文:
Here the class WriteByAdminOnlyPermission is not working perfectly. This if request.method == 'GET': working but remaining condition is not working. My target is, only the admin can change information and the other people just can see. How can I do it? And where I did do wrong? please give me a relevant solution😥
Note: I used here custom User
class User(AbstractUser):
id = models.CharField(primary_key=True, max_length=10, default=uuid.uuid4, editable=False)
email = models.EmailField(max_length=50, unique=True, error_messages={"unique":"The email must be unique!"})
REQUIRES_FIELDS = ["email"]
objects = CustomeUserManager()
views.py:
class WriteByAdminOnlyPermission(BasePermission):
def has_permission(self, request, view):
user = request.user
if request.method == 'GET':
return True
if request.method in['POST' or 'PUT' or 'DELETE'] and user.is_superuser:
return True
return False
class ScenarioViewSet(ModelViewSet):
permission_classes=[WriteByAdminOnlyPermission]
serializer_class = ScenarioSerializer
queryset = Scenario.objects.all()
models.py:
class Scenario(models.Model):
id = models.CharField(primary_key=True, max_length=10, default=uuid.uuid4, editable=False)
Title = models.CharField(max_length=350, null=True, blank=False)
film_id = models.OneToOneField(Film, on_delete=models.CASCADE, related_name="ScenarioFilmID", null=True)
serializer.py:
class ScenarioSerializer(ModelSerializer):
class Meta:
model = Scenario
fields = "__all__"
urls.py:
router.register(r"scenario", views.ScenarioViewSet , basename="scenario")
答案1
得分: 1
为什么在列表中使用or运算符,可以简化为['POST', 'PUT', 'DELETE'],因此:
if request.method in ['POST', 'PUT', 'DELETE'] and user.is_superuser:
编辑
尝试直接使用IsAuthenticatedOrReadOnly类,以允许未经身份验证的用户执行GET请求,并允许经过身份验证的用户执行POST、PUT和DELETE请求,因此:
from rest_framework.permissions import IsAuthenticatedOrReadOnly, BasePermission
class WriteByAdminOnlyPermission(BasePermission):
def has_permission(self, request, view):
user = request.user
if request.method in ['POST', 'PUT', 'DELETE'] and user.is_superuser:
return True
return IsAuthenticatedOrReadOnly().has_permission(request, view)
class ScenarioViewSet(ModelViewSet):
permission_classes = [WriteByAdminOnlyPermission]
serializer_class = ScenarioSerializer
queryset = Scenario.objects.all()
正如您在下面的评论中所定义的那样,删除DEFAULT_AUTHENTICATION_CLASSES对您有用。
英文:
Why you are using or operator in list, it can be simplified as ['POST', 'PUT', 'DELETE']so:
if request.method in ['POST', 'PUT', 'DELETE'] and user.is_superuser:
Edit
Try to use the IsAuthenticatedOrReadOnly class directly to allow unauthenticated users to perform GET requests and authenticated users to perform POST, PUT, and DELETE requests so:
from rest_framework.permissions import IsAuthenticatedOrReadOnly, BasePermission
class WriteByAdminOnlyPermission(BasePermission):
def has_permission(self, request, view):
user = request.user
if request.method in ['POST', 'PUT', 'DELETE'] and user.is_superuser:
return True
return IsAuthenticatedOrReadOnly().has_permission(request, view)
class ScenarioViewSet(ModelViewSet):
permission_classes = [WriteByAdminOnlyPermission]
serializer_class = ScenarioSerializer
queryset = Scenario.objects.all()
As defined by you in the below comment as removing DEFAULT_AUTHENTICATION_CLASSES worked for you.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论