我无法指定权限。我有帐户、站点和信息模型:
账户
class Accounts(models.Model):
    """Account that owns sites and may be linked to a Django ``User``."""

    # Owner link. With SET_NULL and null=True an account can be left without
    # an owner when its user is deleted, so ownership checks must treat
    # ``user is None`` as "nobody owns this".
    user = models.ForeignKey(
        to=User,
        null=True,
        blank=True,
        editable=True,
        on_delete=models.SET_NULL,
        verbose_name='Пользователь',
    )
    name = models.CharField(
        unique=True,
        max_length=255,
        verbose_name='Название',
    )

    def __str__(self):
        # Human-readable label: the account's unique name.
        return self.name
网站和信息
class Sites(models.Model):
    """A site that belongs to exactly one account."""

    # No related_name is given, so the reverse accessor on Accounts is the
    # Django default, ``sites_set``. RESTRICT blocks deleting an account that
    # still has sites.
    account = models.ForeignKey(
        to=Accounts,
        on_delete=models.RESTRICT,
    )
    name = models.CharField(max_length=255)

    def __str__(self):
        # Human-readable label: the site name.
        return self.name
class Information(models.Model):
    """A named piece of data attached to a site."""

    # Reverse accessor on Sites is ``information`` (used by the nested
    # serializers). RESTRICT blocks deleting a site that still has rows here.
    site = models.ForeignKey(
        to=Sites,
        on_delete=models.RESTRICT,
        related_name='information',
    )
    name_of_data = models.CharField(max_length=255)
    data = models.CharField(max_length=255)

    def __str__(self):
        # Human-readable label: the name of the stored datum.
        return self.name_of_data
我的视图应该根据请求的帐户返回网站列表以及每个网站的信息(例如 /accounts/3 应该返回属于第三个帐户的所有网站和信息)。下面是我的序列化器,便于理解:
from .models import Information, Sites
from app.serializers import AccountsSerializer
class InformationSerializer(serializers.ModelSerializer):
    """Serialize an ``Information`` row as its name/value pair only."""

    class Meta:
        model = Information
        # Explicit allow-list: only these two columns are ever exposed.
        fields = ('name_of_data', 'data')
class SitesSerializer(serializers.ModelSerializer):
    """Serialize a site with its owning account and nested information."""

    # Both nested representations are output-only; clients cannot write
    # through them.
    account = AccountsSerializer(read_only=True)
    information = InformationSerializer(read_only=True, many=True)

    class Meta:
        model = Sites
        fields = ('account', 'name', 'information')
这是我为此编写的视图:
class ProfileView(ListAPIView):
    # Lists the sites (with nested information) of the account named in the URL.
    #
    # NOTE(review): as written, this view enforces no access control.
    #   * No `permission_classes` is declared here, so only the project-wide
    #     DRF defaults apply.
    #   * `check_object_permissions` expects `(request, obj)`; called with no
    #     arguments it raises TypeError before any data is read.
    #   * The filter trusts `account_id` from the URL and never compares the
    #     account's owner with `request.user`.
    def list(self, request, *args, **kwargs):
        self.check_object_permissions()
        requested_account = self.kwargs.get('account_id')
        account_sites = Sites.objects.filter(account_id=requested_account)
        payload = SitesSerializer(account_sites, many=True).data
        return Response(payload, status=status.HTTP_200_OK)
我需要使用以下规则限制用户访问:
但我总是会遇到错误,而且总是不同的错误。
上面的代码实际上根本没有进行权限检查,而且无法正常运行:`check_object_permissions()` 需要传入 `request` 和要检查的对象,这里却没有传任何参数,视图也没有声明 `permission_classes`。
首先,我认为 `Accounts` 实例应该位于顶层,其次是 `Sites`,再其次是 `Information`,所以你应该重新组织你的序列化器。
其次,我认为在这种情况下你不需要手动从 URL 中取参数,可以改用 `RetrieveAPIView`:它的 `get_object()` 会自动对取到的对象调用 `check_object_permissions`,对象级权限才会真正生效。
from rest_framework.serializers import ModelSerializer
class InformationSerializer(ModelSerializer):
    """Expose only the name/value pair of an ``Information`` row."""

    class Meta:
        model = Information
        # Explicit allow-list of output columns.
        fields = ("name_of_data", "data")
class SitesSerializer(ModelSerializer):
    """Serialize a site as its id plus the nested information rows."""

    # Output-only nested list, read through the ``information`` reverse
    # accessor.
    information = InformationSerializer(read_only=True, many=True)

    class Meta:
        model = Sites
        fields = ("id", "information")
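class AccountsRetrieveSerializer(ModelSerializer):
    """Serialize one account with its sites and their information nested.

    The output key stays ``sites``, but the data is read from ``sites_set``.
    ``Sites.account`` declares no ``related_name``, so ``Accounts`` has no
    ``sites`` attribute and the default reverse accessor must be named
    explicitly. Without ``source`` the field fails at serialization time.
    """

    sites = SitesSerializer(source="sites_set", many=True, read_only=True)

    class Meta:
        model = Accounts
        # Explicit allow-list: the owning ``user`` is deliberately not exposed.
        fields = ["id", "name", "sites"]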
from rest_framework.permissions import BasePermission
class IsObjectOwner(BasePermission):
    """Object-level permission: allow only the user the object is linked to.

    DRF evaluates this only when the view calls ``check_object_permissions``
    (the generic views do so inside ``get_object()``). A view that builds its
    own queryset and never calls it is not protected by this class.
    """

    def has_object_permission(self, request, view, obj):
        # ``obj.user`` may be None (nullable FK on Accounts); an object with
        # no owner then matches no authenticated user.
        owner = obj.user
        return owner == request.user
from rest_framework.generics import RetrieveAPIView
from rest_framework.permissions import IsAuthenticated
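class ProfileView(RetrieveAPIView):
    # Returns one account with its nested sites and information, but only to
    # the authenticated user who owns that account.
    #
    # IsAuthenticated runs first and rejects anonymous requests. IsObjectOwner
    # is then applied by get_object(), which calls check_object_permissions()
    # on the fetched account.
    permission_classes = [IsAuthenticated, IsObjectOwner]
    serializer_class = AccountsRetrieveSerializer

    # get_object() needs a queryset to look the account up in; without one the
    # generic view fails before any permission check can run.
    # NOTE(review): filtering by owner in get_queryset() instead would answer
    # 404 rather than 403 for other users' accounts, which avoids confirming
    # which account ids exist.
    queryset = Accounts.objects.all()

    # The question's view reads the id from the `account_id` URL kwarg; the
    # generic view would otherwise expect `pk`.
    lookup_url_kwarg = "account_id"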
希望对你有一点帮助。