我正在使用DRF编写API。我想为我的Modelviewsets中的每个视图提供不同的权限。我有两个组(客户和员工)。我已经在 permissions.py 中将它们过滤为Isstaff和Iscustomer。
class Iscustomer(permissions.BasePermission):
def has_permission(self, request, view):
if request.user and request.user.groups.filter(name='customers'):
return True
return False
class Isstaff(permissions.BasePermission):
def has_permission(self, request, view):
if request.user and request.user.groups.filter(name='staff'):
return True
return False
我正在尝试重写使用get_permissions方法。当我在self.permission_classes中放入一个单独的组时,它运行良好。
class cityviewset(viewsets.ModelViewSet):
queryset = city.objects.all()
serializer_class = citySerializer
def get_permissions(self):
if self.request.method == 'POST' or self.request.method == 'DELETE':
self.permission_classes = [Isstaff]
return super(cityviewset, self).get_permissions()
但是,当我尝试将多个组放入self.permission_classes中时,它失败了。
def get_permissions(self):
if self.request.method == 'POST' or self.request.method == 'DELETE':
self.permission_classes = [Isstaff,Iscustomer,]
return super(cityviewset, self).get_permissions()