Combining 2 custom permissions in Django REST framework

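I have a model Showcase that users can use to showcase projects, and a Collaborator model through which users can add collaborators to a showcase. I am trying to implement a case where the administrators of the showcase and the user in the collaboration can delete that collaboration.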


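To explain better: the Showcase model has a list of administrators who manage the showcase. They can also add collaborators (through the Collaborator model) to a showcase. Collaborator has a user field, which is the user who contributed to the showcase.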


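I want that, after a collaborator is added, that user can either remove himself (if he does not want to be part of the showcase) or an administrator can remove that collaborator (if the wrong user was added and they want to remove him from that showcase).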


models.py


from django.conf import settings
from django.db import models


class Showcase(models.Model):
    title = models.CharField(max_length=50)
    description = models.TextField(null=True)
    skill_type = models.ForeignKey(Skill, on_delete=models.CASCADE)
    user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.DO_NOTHING, related_name="Showcases")
    content = models.TextField(null=True)
    created_on = models.DateTimeField(auto_now_add=True)
    updated_on = models.DateTimeField(auto_now=True)
    voters = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name="upvotes")
    slug = models.SlugField(max_length=255, unique=True)
    # Users allowed to manage this showcase and its collaborators
    administrator = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name="administrators", blank=True)


class Collaborator(models.Model):
    post = models.ForeignKey(Showcase, on_delete=models.CASCADE, related_name="collaborated_showcases")
    # The user who contributed to the showcase
    user = models.ForeignKey(settings.AUTH_USER_MODEL,
                             on_delete=models.CASCADE, related_name="collaborators")
    skill = models.ForeignKey(Skill, on_delete=models.CASCADE, null=True, related_name="creative_type")
    role = models.TextField(null=True)
    created_on = models.DateTimeField(auto_now_add=True)
    updated_on = models.DateTimeField(auto_now=True)

permission.py


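from rest_framework import permissions


class IsUser(permissions.BasePermission):

    def has_object_permission(self, request, view, obj):
        # Read-only methods are refused; this permission is for the delete view
        if request.method in permissions.SAFE_METHODS:
            return False
        # Only the user stored on the object passes
        return obj.user == request.user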



path("collaborator/<int:pk>/delete/", qv.CollaboratorDeleteView.as_view(), name="collaborator-delete-view"),

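Now I have been able to implement that administrators can delete collaborators, but how do I add another permission for the user in the Collaborator model so that he can delete himself as a collaborator through the same view?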


森栏
2 answers

狐的传说

Actually, these two permissions can be combined into one. For example, update the permission like this:

from rest_framework import permissions


class CanDeleteUser(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return False
        # Allowed for the collaborator himself or for an administrator of the showcase
        return obj.user == request.user or obj.post.administrator.filter(pk=request.user.pk).exists()

Here, I am checking whether request.user is obj.user, or is an administrator of the showcase object attached to the obj variable. Now I only check the collaborator:

from django.shortcuts import get_object_or_404
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView


class CollaboratorDeleteView(APIView):
    '''
    Allow Administrators to delete a collaborator to a showcase
    or allow the collaborator user to be able to delete himself
    '''
    permission_classes = [CanDeleteUser]

    def delete(self, request, pk):
        collaborator = get_object_or_404(Collaborator, pk=pk)
        # Raises PermissionDenied, which DRF turns into a 403 response
        self.check_object_permissions(request, collaborator)
        # The snippet on the page breaks off after the permission check;
        # the delete and the 204 response are an assumed completion.
        collaborator.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

qq_笑_17

You can give the permission_classes attribute any number of permissions combined with the & (and), | (or) and ~ (not) operators (doc):

class CollaboratorDeleteView(APIView):
    '''
    Allow Administrators to delete a collaborator to a showcase
    or allow the collaborator user to be able to delete himself
    '''
    permission_classes = [IsAdmin | IsUser]

Both permissions now work with OR logic.
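The rule both answers implement (the collaborator himself or an administrator of that showcase may delete the row) can be checked as an authorization matrix, including the roles that must be refused. This is an added example, not part of either answer: it uses plain-Python stand-ins instead of Django/DRF, and the names `administrator_pks`, `Request` and `authorization_matrix` as well as the sample users are assumptions made for the illustration.

```python
# Added illustration: plain-Python stand-ins, no Django or DRF required.
from dataclasses import dataclass, field
from typing import Optional

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")  # same values as DRF's permissions.SAFE_METHODS

@dataclass(frozen=True)
class User:                 # stand-in for AUTH_USER_MODEL; pk=None models an anonymous user
    pk: Optional[int]

@dataclass
class Showcase:             # stand-in: the administrator M2M reduced to a set of user pks
    administrator_pks: set = field(default_factory=set)

@dataclass
class Collaborator:         # stand-in for the Collaborator row being deleted
    post: Showcase
    user: User

@dataclass
class Request:              # hypothetical minimal request: HTTP method plus user
    method: str
    user: User

class CanDeleteUser:
    """Same rule as the combined permission: the collaborator or a showcase admin."""
    def has_object_permission(self, request, view, obj):
        if request.method in SAFE_METHODS:
            return False
        return obj.user == request.user or request.user.pk in obj.post.administrator_pks

def authorization_matrix():
    """Return {role: allowed} for DELETE on one constructed collaborator row."""
    alice, bob, carol, mallory = User(1), User(2), User(3), User(4)  # constructed users
    showcase = Showcase({alice.pk})             # alice administers this showcase
    row = Collaborator(post=showcase, user=bob)  # bob is the collaborator
    roles = {"showcase_admin": alice, "collaborator_self": bob,
             "admin_of_other_showcase": carol,  # admin elsewhere, not on this showcase
             "unrelated_user": mallory, "anonymous": User(None)}
    perm = CanDeleteUser()
    return {name: perm.has_object_permission(Request("DELETE", user), None, row)
            for name, user in roles.items()}

if __name__ == "__main__":
    for role, allowed in authorization_matrix().items():
        print(f"{role:26} {'ALLOW' if allowed else 'DENY'}")
```

In a plain APIView, DRF evaluates has_object_permission only when the view calls check_object_permissions itself, as the first answer's view does, so the matrix only holds for views that make that call before deleting.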