更新时间:2023-12-01 12:45:46
实际上,两种权限都可以合并为一个。例如,更新这样的权限:
Actually both permissions can be combined into single one. For example updating the permission like this:
class CanDeleteUser(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return False
return obj.user == request.user or ob.post.administrator.filter(pk=request.user.pk).exists()
这里我正在检查 request.user
是 obj.user
或检查展示柜
的管理员>附有 obj
变量的对象。
Here I am checking either the request.user
is obj.user
or checking against administrators of the showcase
object attached with obj
variable.
现在我只去检查合作者
的权限。
Now I am only going to check permission for collaborator
.
class CollaboratorDeleteView(APIView):
'''
Allow Administrators to delete a collaborator to a showcase
or allow the collaborator user to be able to delete himself
'''
permission_classes = [CanDeleteUser]
def delete(self, request, pk):
collaborator = get_object_or_404(Collaborator, pk=pk)
try:
self.check_object_permissions(request, collaborator)