0
Привет Я следую this Пример использования DjangoObjectPermissionsFilter.Как настроить DjangoObjectPermissions?
Я хочу создать class SampleModelPermissions(permissions.DjangoObjectPermissions) так, чтобы он удовлетворял следующее описание в моем «самодокументированного» ФПИ API:
Это мой код:
в models.py:
class Sample(models.Model):
created = models.DateTimeField(default=datetime.datetime.utcnow, blank=True, null=True)
last_modified = models.DateTimeField(default=datetime.datetime.utcnow, blank=True, null=True)
owner = models.ForeignKey(User, blank=True, null=True, related_name='sample_owner')
text = models.TextField(default='', blank=True, null=True)
class Meta:
permissions = (
('view_sample', "can view sample"),
)
def __unicode__(self):
return self.text
def __str__(self):
return self.text
в views.py:
class SampleViewSet(viewsets.ModelViewSet):
'''
* Model Description: Sample is a sample model.
* CRUD on Sample model
* C - CREATE - POST /sample/ - allowed as long as owner is the user creating the object
* R - READ - GET /sample/ (list) - user can see objects it owns
* R - READ - GET /sample/[id]/ (detail) - user can see detail page of objects it owns
* U - UPDATE - PATCH /sample/[id]/ - allowed for owner
* D - DELETE - DELETE /sample/[id]/ - allowed for owner
* Note in the case of a nested model A where a field f points to an instance of another model B, you can set f's value to an instance b of B by PATCHing or POSTing with f_id = [the id of b]. Yes, whenever f points to a foreign model, f is read only and f_id is write only.
'''
queryset = Sample.objects.all()
filter_backends = (DjangoFilterBackend, SearchFilter, OrderingFilter, DjangoObjectPermissionsFilter,)
permission_classes = (SampleModelPermissions,)
filter_fields = '__all__'
serializer_class = SampleSerializer
в permisions.py
class SampleModelPermissions(permissions.DjangoObjectPermissions):
perms_map = {
'GET': ['%(app_label)s.view_%(model_name)s'],
'OPTIONS': ['%(app_label)s.view_%(model_name)s'],
'HEAD': ['%(app_label)s.view_%(model_name)s'],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
}
logger.info('in SampleModelPermissions')
def has_object_permission(self, request, view, obj):
logger.info('in SampleModelPermissions has_object_permission')
print 'permissions.SAFE_METHODS: ', permissions.SAFE_METHODS
if request.method in permissions.SAFE_METHODS:
return request.user == obj.owner or True # need to modify so can see own stuff
elif request.method == 'POST':
print 'checking if user has perm to create obj'
return True # request.user == obj.owner
elif request.method == 'PATCH':
return request.user == obj.owner
elif request.method == 'DELETE':
return request.user == obj.owner
return False
Но я получаю следующее POSTMAN:
Любые советы о том, что я должен делать, чтобы получить свой API разрешений на работу, поскольку я описываю их в самодокументации?