如果我有这个:
class Image(models.Model):
user = models.ForeignKey(User)
我如何编写一个允许从任何人获取 GET 的资源,但仅在与 GETrequest.user相同时才 PUT image.user?
问问题
122 次
1 回答
2
创建您的模型视图集使用的权限
class CreatorPermissions(BasePermission):
def has_permission(self, request, view):
return request.method in permissions.SAFE_METHOD
def has_object_permission(self, request, view, obj):
return request.user.id == obj.user.id
class ImageViewSet(viewsets.ModelViewSet):
model = Image
serializer_class = ImageSerializer # you have to create this
permission_classes = (CreatorPermissions,)
queryset = Image.objects.all()
于 2014-03-31T07:33:04.197 回答