我正在尝试为扩展了viewsets.ModelViewSet的类设置自定义权限,但是似乎我的权限没有得到评估。这是我的视图:
from rest_framework import viewsets
from rest_framework.authentication import SessionAuthentication, BasicAuthentication
from rest_framework.permissions import IsAuthenticated
import models
import serializers
from permissions import IsAdminOrAuthenticatedReadOnly
class KPIViewSet(viewsets.ModelViewSet):
'''
API endpoint that allows KPI metadata to be viewed or edited
'''
authentication_classes = (BasicAuthentication,)
permission_classes = (IsAdminOrAuthenticatedReadOnly,)
queryset = models.KPI.objects.all()
serializer_class = serializers.KPISerializer
以下是我的权限类:
from rest_framework.permissions import BasePermission, SAFE_METHODS
class IsAdminOrAuthenticatedReadOnly(BasePermission):
def has_permissions(self, request, view):
if request.method in SAFE_METHODS:
return request.user and request.user.is_authenticated()
return request.user and request.user.is_staff()
我遇到的问题是IsAdminOrAuthenticatedReadOnly似乎从未被评估。我通过强制它始终返回“False”和在视图中将permission_classes值切换为“IsAuthenticated”来测试了这一点。在前一种情况下,对端点的请求返回,就好像没有身份验证要求一样。在后者中,身份验证按预期执行。
你有什么想法我错过了什么吗?