我需要创建一个嵌套路由。 看起来像这样的api/<campaign-name>/content/<content-id> 。 我知道有一些包( 这个和这个 )创建了嵌套路由。 我试过它们并且相当有限。 所以我决定硬连接网址。 网址和观点如下:
在urls.py
# contents ## detail, update, remove url( r'^api/campaign/(?P<campaign>[a-z0-9-]+)/content/(?P<content>\d+)/$', ContentAPI.as_view({'get' : 'retrieve', 'put' : 'update', 'delete' : 'destroy'}), name = "content-detail" ), ## toggle content verification url( r'^api/campaign/(?P<campaign>[a-z0-9-]+)/content/(?P<content>\d+)/toggle_status/$', ContentAPI.as_view( {'post' : 'toggle_status'}, permission_classes = [Or(IsContentManager, IsContentModerator)] ), name = "content-toggle-status" ),在views.py
class ContentAPI(viewsets.ModelViewSet): permission_classes = [Or(IsContentManager)] ... # actions and methods here一切正常,但权限似乎不起作用。 无需登录系统即可访问API。 如何在我的方案中强制执行权限。
I need to create a nested route. Which looks something like this api/<campaign-name>/content/<content-id>. I know there are packages (this and this) which creates nested routes. I have tried them and are fairly limited. So I decided to hard wire the urls. The urls and views are given below:
At urls.py
# contents ## detail, update, remove url( r'^api/campaign/(?P<campaign>[a-z0-9-]+)/content/(?P<content>\d+)/$', ContentAPI.as_view({'get' : 'retrieve', 'put' : 'update', 'delete' : 'destroy'}), name = "content-detail" ), ## toggle content verification url( r'^api/campaign/(?P<campaign>[a-z0-9-]+)/content/(?P<content>\d+)/toggle_status/$', ContentAPI.as_view( {'post' : 'toggle_status'}, permission_classes = [Or(IsContentManager, IsContentModerator)] ), name = "content-toggle-status" ),At views.py
class ContentAPI(viewsets.ModelViewSet): permission_classes = [Or(IsContentManager)] ... # actions and methods hereEverything works fine but the permissions don't seem to work. The API can be accessed without logging into the system. How to enforce the permissions in my scenario.
最满意答案
这个错误在我身边。 当我使用router.register('api/(?P<domain>[a-z0-9]+)/sub-domain/(?P<sub_domain>[a-z0-9]+), SubdomainAPI)生成嵌套路由时router.register('api/(?P<domain>[a-z0-9]+)/sub-domain/(?P<sub_domain>[a-z0-9]+), SubdomainAPI) ,我不得不在SubdomainAPI过滤domain 。
所以我在initial()做了这个:
def initial(self, request, *args, **kwargs): self.domain = self._get_domain() super(SubdomainAPI, self).initial(request, *args, **kwargs)self._get_domain()检查域是否存在并引发404错误。 由于在权限检查之前提出了404错误,因此我的测试失败了。
应该是:
def initial(self, request, *args, **kwargs): super(SubdomainAPI, self).initial(request, *args, **kwargs) self.domain = self._get_domain()希望如果其他人遇到类似的问题,这将有所帮助。
The error was on my side. As I was generating nested route using router.register('api/(?P<domain>[a-z0-9]+)/sub-domain/(?P<sub_domain>[a-z0-9]+), SubdomainAPI), I had to filter domain at SubdomainAPI.
So I did this at initial():
def initial(self, request, *args, **kwargs): self.domain = self._get_domain() super(SubdomainAPI, self).initial(request, *args, **kwargs)self._get_domain() checks if domain exists and raises 404 error. Since 404 error was being raised before permission checks my tests were failing.
Which should have been:
def initial(self, request, *args, **kwargs): super(SubdomainAPI, self).initial(request, *args, **kwargs) self.domain = self._get_domain()Hope this will be helpful if others stumbleupon similar problem.
更多推荐
发布评论