我正在尝试创建一些自定义身份验证类来检查请求用户是否属于某些组。但是,我收到此 AttributeError: 'User' object has no attribute 'user' 出现,我不知道如何解决它。
这是我为自定义身份验证类创建的文件:
from rest_framework import permissions
class IsManager(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.user.group.filter(name='managers').exists():
return True
else:
return False
class IsDeliveryCrew(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.user.group.filter(name='delivery crew').exists():
return True
else:
return False
这是我查看文件:
from rest_framework import generics, status
from rest_framework.permissions import IsAuthenticated, IsAdminUser
from rest_framework.response import Response
from rest_framework.throttling import AnonRateThrottle, UserRateThrottle
from django.shortcuts import get_object_or_404
from django.http import HttpResponseBadRequest
from django.contrib.auth.models import Group, User
from .models import Category, MenuItem, Cart, Order, OrderItem
from .serializers import CategorySerialzier,MenuItemSerialzier,CartHelpSerializer, CartAddSerialzier,CartRemoveSerializer, CartSerialzier, ManagerListSerializer,OrderSerialzier,OrderItemSerializer,OrderAddSerializer, OrderItemHelperSerialzier
from .permissions import IsManager, IsDeliveryCrew
from datetime import date
import math
class CategoriesView(generics.ListCreateAPIView):
throttle_classes=[UserRateThrottle,AnonRateThrottle]
queryset = Category.objects.all()
serializer_class = CategorySerialzier
permission_classes= [IsAdminUser]
class MenuItemsView(generics.ListCreateAPIView):
throttle_classes=[UserRateThrottle,AnonRateThrottle]
queryset = MenuItem.objects.all()
serializer_class = MenuItemSerialzier
search_fields = ['title','category__title']
ordering_fields = ['price','category']
def get_permissions(self):
permission_classes = []
if self.request.method != 'GET':
permission_classes = [IsAuthenticated,IsAdminUser]
return [permission() for permission in permission_classes]
class SingleMenuItemView(generics.RetrieveUpdateDestroyAPIView):
throttle_classes=[UserRateThrottle,AnonRateThrottle]
queryset = MenuItem.objects.all()
serializer_class = MenuItemSerialzier
'''def get_permissions(self):
permission_classes = [IsAuthenticated]
if self.request.method != 'GET':
permission_classes = [IsAuthenticated, IsManager | IsAdminUser]
return [permission() for permission in permission_classes]
'''
def get_permissions(self):
permission_classes = [IsAuthenticated]
if self.request.method == "PATCH":
permission_classes = [IsAuthenticated, IsManager | IsAdminUser]
if self.request.method == "DELETE":
permission_classes = [IsAuthenticated, IsAdminUser]
return[permission() for permission in permission_classes]
最后这是我的错误回溯:
Environment:
Request Method: GET
Request URL: http://127.0.0.1:8000/api/menu-items/1
Django Version: 4.2.13
Python Version: 3.9.7
Installed Applications:
['django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'littlelemonAPI',
'rest_framework',
'rest_framework.authtoken',
'djoser']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware']
Traceback (most recent call last):
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\django\core\handlers\exception.py", line 55, in inner
response = get_response(request)
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\django\core\handlers\base.py", line 220, in _get_response
response = response.render()
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\django\template\response.py", line 114, in render
self.content = self.rendered_content
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\rest_framework\response.py", line 74, in rendered_content
ret = renderer.render(self.data, accepted_media_type, context)
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\rest_framework\renderers.py", line 726, in render
context = self.get_context(data, accepted_media_type, renderer_context)
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\rest_framework\renderers.py", line 659, in get_context
raw_data_patch_form = self.get_raw_data_form(data, view, 'PATCH', request)
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\rest_framework\renderers.py", line 540, in get_raw_data_form
if not self.show_form_for_method(view, method, request, instance):
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\rest_framework\renderers.py", line 430, in show_form_for_method
view.check_permissions(request)
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\rest_framework\views.py", line 332, in check_permissions
if not permission.has_permission(request, self):
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\rest_framework\permissions.py", line 83, in has_permission
self.op1.has_permission(request, view) or
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\littlelemon\littlelemonAPI\permissions.py", line 5, in has_permission
if request.user.user.group.filter(name='managers').exists():
File "C:\Users\georg\OneDrive\Documents\coding\django\api graded project\venv\lib\site-packages\django\utils\functional.py", line 268, in inner
return func(_wrapped, *args)
Exception Type: AttributeError at /api/menu-items/1
Exception Value: 'User' object has no attribute 'user'
我尝试查看其他论坛,但我在那里尝试的任何方法都没有帮助。
我做的一件事是尝试将视图文件中该特定方法的身份验证类设置为
通过添加token认证:
from rest_framework.authentication import TokenAuthentication
然后将其放入类中:
authentication_classes = (TokenAuthentication,)
然而,这现在给了我一个“类型”对象不是可迭代的错误,并决定这似乎会让我进一步误入歧途。
我真的不明白为什么这行不通,因为我看到的每一个地方总是用 request.user.group 来实现......并且没有任何问题。
尝试使用 request.user.groups.filter() 它应该可以工作。在这里阅读更多内容https://docs.djangoproject.com/en/5.0/ref/contrib/auth/