我在用于用户模型的rest API中具有以下功能.我只想对POST请求设置AllowAny权限.有人可以帮我吗?
I have following functions in rest API for User model. I want to set AllowAny permission on only POST request. Can someone help me out.
class UserList(APIView): """Get and post users data.""" def get(self, request, format=None): """Get users.""" users = User.objects.all() serialized_users = UserSerializer(users, many=True) return Response(serialized_users.data) def post(self, request, format=None): """Post users.""" serializer = UserSerializer(data=request.data) if serializer.is_valid(): serializer.save() return Response(serializer.data, status=status.HTTP_201_CREATED)推荐答案
您可以编写自定义权限类 IsPostOrIsAuthenticated ,它将允许不受限制地访问POST请求,但仅允许通过身份验证的GET请求.
You can write a custom Permission class IsPostOrIsAuthenticated which will allow unrestricted access to POST requests but will allow only authenticated GET requests.
要实现自定义权限IsPostOrIsAuthenticated,请覆盖BasePermission类并实现.has_permission(self, request, view)方法.如果应授予请求访问权限,该方法应返回True,否则返回False.
To implement the custom permission IsPostOrIsAuthenticated, override the BasePermission class and implement .has_permission(self, request, view) method. The method should return True if the request should be granted access, and False otherwise.
from rest_framework import permissions class IsPostOrIsAuthenticated(permissions.BasePermission): def has_permission(self, request, view): # allow all POST requests if request.method == 'POST': return True # Otherwise, only allow authenticated requests # Post Django 1.10, 'is_authenticated' is a read-only attribute return request.user and request.user.is_authenticated因此,所有POST请求将被授予不受限制的访问权限.对于其他请求,将需要身份验证.
So, all POST requests will be granted unrestricted access. For other requests, authentication will be required.
现在,您需要在全局设置中包括此自定义权限类.
Now, you need to include this custom permission class in your global settings.
REST_FRAMEWORK = { 'DEFAULT_PERMISSION_CLASSES': ( 'my_app.permissions.IsPostOrIsAuthenticated', ) }更多推荐
如何仅在特定方法上添加django rest框架权限?
发布评论