(2)initial
def initial(self, request, *args, **kwargs): """ Runs anything that needs to occur prior to calling the method handler. """ self.format_kwarg = self.get_format_suffix(**kwargs) # Perform content negotiation and store the accepted info on the request neg = self.perform_content_negotiation(request) request.accepted_renderer, request.accepted_media_type = neg # Determine the API version, if versioning is in use. version, scheme = self.determine_version(request, *args, **kwargs) request.version, request.versioning_scheme = version, scheme # Ensure that the incoming request is permitted #4.实现认证 self.perform_authentication(request) #5.权限判断 self.check_permissions(request) self.check_throttles(request)(3)check_permissions
里面有个has_permission这个就是我们自己写的权限判断
def check_permissions(self, request): """ Check if the request should be permitted. Raises an appropriate exception if the request is not permitted. """ #[权限类的对象列表] for permission in self.get_permissions(): if not permission.has_permission(request, self): self.permission_denied( request, message=getattr(permission, 'message', None) )(4)get_permissions
def get_permissions(self): """ Instantiates and returns the list of permissions that this view requires. """ return [permission() for permission in self.permission_classes](5)permission_classes
所以settings全局配置就如下
#全局 REST_FRAMEWORK = { "DEFAULT_PERMISSION_CLASSES":['API.utils.permission.SVIPPremission'], } 内置权限django-rest-framework内置权限BasePermission
默认是没有限制权限
class BasePermission(object): """ A base class from which all permission classes should inherit. """ def has_permission(self, request, view): """ Return `True` if permission is granted, `False` otherwise. """ return True def has_object_permission(self, request, view, obj): """ Return `True` if permission is granted, `False` otherwise. """ return True我们自己写的权限类,应该去继承BasePermission,修改之前写的permission.py文件
# utils/permission.py from rest_framework.permissions import BasePermission class SVIPPremission(BasePermission): message = "必须是SVIP才能访问" def has_permission(self,request,view): if request.user.user_type != 3: return False return True class MyPremission(BasePermission): def has_permission(self,request,view): if request.user.user_type == 3: return False return True 总结:(1)使用
自己写的权限类:1.必须继承BasePermission类; 2.必须实现:has_permission方法
(2)返回值
True 有权访问
False 无权访问
(3)局部
permission_classes = [MyPremission,]
(4)全局
REST_FRAMEWORK = { #权限 "DEFAULT_PERMISSION_CLASSES":['API.utils.permission.SVIPPremission'], }