我正在用Django Rest框架编写一个应用程序。
我创建了一个自定义权限,并为自定义权限提供了一个message
属性,但仍然返回默认的详细信息。
我给予你我的密码。permissions.py
:
from annoying.functions import get_object_or_None
from rest_framework import permissions
from intquestions.models import IntQuestion
from ..models import Candidate, CandidatePickedIntChoice
CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."
class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
"""
Permission to check if the candidate has answered all questions.
Expects candidate's email or UUID in the request's body.
"""
message = CANDIDATE_ALREADY_ANSWERED
def has_permission(self, request, view):
candidate = None
email = request.data.get("email", None)
if email:
candidate = get_object_or_None(Candidate, email=email)
else:
uuid = request.data.get("candidate", None)
if uuid:
candidate = get_object_or_None(Candidate, uuid=uuid)
if candidate:
picked_choices = CandidatePickedIntChoice.objects.filter(
candidate=candidate
).count()
total_int_questions = IntQuestion.objects.count()
if picked_choices >= total_int_questions:
return False
return True
views.py
:
from annoying.functions import get_object_or_None
from rest_framework import generics, status
from rest_framework.response import Response
from ..models import Candidate, CandidatePickedIntChoice
from .permissions import CandidateAnsweredQuestionsPermission
from .serializers import CandidateSerializer
class CandidateCreateAPIView(generics.CreateAPIView):
serializer_class = CandidateSerializer
queryset = Candidate.objects.all()
permission_classes = (CandidateAnsweredQuestionsPermission,)
def create(self, request, *args, **kwargs):
candidate = get_object_or_None(Candidate, email=request.data.get("email", None))
if not candidate:
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
else:
serializer = self.get_serializer(candidate, data=request.data)
serializer.is_valid(raise_exception=True)
return Response(serializer.data, status=status.HTTP_200_OK)
**注:**我正在开发的应用程序允许候选人回答问题。我之所以像这样覆盖创建函数,是为了让尚未完成所有问题的候选人仍然能够回答所有问题。
为什么权限消息是默认的"Authentication credentials were not provided."
而不是我自己的?
5条答案
按热度按时间fwzugrvs1#
消息
Authentication credentials were not provided.
指出,您***未获得凭据***。它与*凭据错误*消息不同接下来,
BasePermission
类没有属性message
,因此除非您强制,否则它不会使用您的message
属性。(源代码)如何显示自定义
PermissionDenied
消息?从视图集上的**
permission_denied()
**方法引发的PermissionDenied
异常(源代码)所以你的观点应该是,
kmb7vmvb2#
根据Tom Christie(DRF的作者):
如果您不想运行“unauthenticated vs permission denied”检查,我建议显式地引发
PermissionDenied
。他并没有明确指出最好的地方在哪里。公认的答案似乎是在视图中。然而,恕我直言,我觉得最好的地方是在自定义
Permission
类本身,因为一个视图可以有多个权限,其中任何一个都可能失败。下面是我的建议(为简洁起见,代码被截断):
e5nszbig3#
我也有同样的问题,最后我找到了关键:
不要使用任何认证
puruo6ea4#
我遇到了同样的问题,我找到了一个解决方案,你甚至不需要AllowAny权限,只需将
authentication_classes
设置为一个空数组,例如:希望还能帮上忙。
7vhp5slm5#
settings.py
在我的情况下,这个解决方案是有效的。