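Here is one of my view classes:

```python
from django.shortcuts import get_object_or_404
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView


class MyView(APIView):
    permission_classes = [CustomAccessPermission]

    def get(self, request, id: int) -> Response:
        # Look up the object by primary key and return its serialized form.
        object = get_object_or_404(MyObjectClass, id=id)
        serializer = MySerializer(object)
        return Response(serializer.data)

    def delete(self, request, id: int):
        # Soft delete: mark the object as deleted instead of removing the row.
        object = get_object_or_404(MyObjectClass, id=id)
        object.status = MyObjectClass.Status.DELETED
        object.save()
        return Response(status=status.HTTP_200_OK, data=id)
```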
Here is my custom access permission class:

```python
from django.core.exceptions import PermissionDenied
from rest_framework import permissions


class CustomAccessPermission(permissions.BasePermission):
    message = "You cannot access objects created by other users."

    def has_object_permission(self, request, view, obj):
        # Only the user who created the object may access it.
        if obj.user_id != request.user.id:
            raise PermissionDenied(self.message)
        return True
```
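So, in my object I store user_id, which contains the ID of the user who created the object. I want to check whether the id in the request equals that user_id, to know whether the user is allowed to see this object. For example, when I run GET http://localhost:8050/api/objects/4, I want to get the user_id of the object with id=4, and if it equals request.user.id, then we allow the user to see it; otherwise we should deny. The same goes for the DELETE request: it should first be checked against the object's user_id.

The code above does not work: it never reaches the has_object_permission() method in the permission class. What should I change?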