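I think I found a way to make this work. oauth2_provider does not provide any functionality to achieve this. So what I did was define my own custom permission, similar to TokenHasScope. So, create a file called permissions.py and paste in the code: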
import logging

from django.core.exceptions import ImproperlyConfigured
from rest_framework import permissions
from rest_framework.exceptions import PermissionDenied
from oauth2_provider.settings import oauth2_settings

log = logging.getLogger(__name__)


class TokenHasAtLeastOneScope(permissions.BasePermission):
    """
    The request is authenticated as a user and the token used has at least one of the right scopes
    """

    def has_permission(self, request, view):
        token = request.auth

        if not token:
            return False

        if hasattr(token, "scope"):  # OAuth 2
            required_scopes = self.get_scopes(request, view)
            log.debug("Required scopes to access resource: {0}".format(required_scopes))

            # If any scope in the list of required_scopes is valid, return True.
            for given_scope in required_scopes:
                if token.is_valid([given_scope]):
                    return True

            # Provide information about required scope?
            include_required_scope = (
                oauth2_settings.ERROR_RESPONSE_WITH_SCOPES
                and required_scopes
                and not token.is_expired()
                and not token.allow_scopes(required_scopes)
            )

            if include_required_scope:
                self.message = {
                    "detail": PermissionDenied.default_detail,
                    "required_scopes": list(required_scopes),
                }

            return False

        assert False, (
            "TokenHasAtLeastOneScope requires the "
            "`oauth2_provider.rest_framework.OAuth2Authentication` authentication "
            "class to be used."
        )

    def get_scopes(self, request, view):
        """Return the scopes the view declares in its required_scopes attribute."""
        try:
            return getattr(view, "required_scopes")
        except AttributeError:
            raise ImproperlyConfigured(
                "TokenHasAtLeastOneScope requires the view to define the "
                "required_scopes attribute"
            )
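Then in your view, import the permission and set it accordingly:
# The trailing comma makes this a one-element tuple, which DRF can iterate over.
permission_classes = (permissions.TokenHasAtLeastOneScope,)
required_scopes = ['mod', 'admin']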
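In the custom TokenHasAtLeastOneScope above, the code is similar to TokenHasScope. The only lines changed are
for given_scope in required_scopes:
    if token.is_valid([given_scope]):
        return True
which loops through the items in the required_scopes list and returns True if a valid scope is found.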
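The difference between the all-of check and the any-of loop described above, as an added example that is not part of the original answer or of oauth2_provider. StubToken is a hypothetical stand-in whose is_valid, is_expired and allow_scopes semantics are assumptions (every requested scope must be on the token, and an empty list passes); the tokens and scope lists are constructed.

```python
from datetime import datetime, timedelta, timezone


class StubToken:
    """Constructed stand-in for an access token (assumed semantics, not library code)."""

    def __init__(self, scope, expires):
        self.scope = scope      # space-separated scope string
        self.expires = expires  # timezone-aware expiry time

    def is_expired(self):
        return datetime.now(timezone.utc) >= self.expires

    def allow_scopes(self, scopes):
        # Assumption: every requested scope must be on the token; empty list passes.
        if not scopes:
            return True
        return set(scopes).issubset(self.scope.split())

    def is_valid(self, scopes=None):
        return not self.is_expired() and self.allow_scopes(scopes)


def all_of(token, required_scopes):
    """TokenHasScope-style check: the token must carry every required scope."""
    return token.is_valid(required_scopes)


def any_of(token, required_scopes):
    """The any-of loop: one matching scope on an unexpired token is enough."""
    return any(token.is_valid([scope]) for scope in required_scopes)


def decision_table():
    """Evaluate both checks over constructed tokens and required_scopes lists."""
    soon = datetime.now(timezone.utc) + timedelta(hours=1)
    past = datetime.now(timezone.utc) - timedelta(hours=1)
    cases = {
        "mod only": (StubToken("read mod", soon), ["mod", "admin"]),
        "no match": (StubToken("read", soon), ["mod", "admin"]),
        "expired admin": (StubToken("admin", past), ["mod", "admin"]),
        "empty required_scopes": (StubToken("read", soon), []),
    }
    return {name: (all_of(t, req), any_of(t, req)) for name, (t, req) in cases.items()}


if __name__ == "__main__":
    for name, (all_result, any_result) in decision_table().items():
        print(f"{name:22} all-of={all_result!s:5} any-of={any_result}")
```

Under these assumed semantics an empty required_scopes list passes the all-of check for any unexpired token, while the any-of loop denies it because there is nothing to match.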