Django Rest框架自定义权限的消息未显示

bnlyeluc 于 2023-02-14 发布在 Go

关注(0)|答案(5)|浏览(112)

我正在用Django Rest框架编写一个应用程序。
我创建了一个自定义权限，并为自定义权限提供了一个message属性，但仍然返回默认的详细信息。
我给予你我的密码。
permissions.py：

from annoying.functions import get_object_or_None
from rest_framework import permissions

from intquestions.models import IntQuestion

from ..models import Candidate, CandidatePickedIntChoice

CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."

class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
    """
    Permission to check if the candidate has answered all questions.
    Expects candidate's email or UUID in the request's body.
    """
    message = CANDIDATE_ALREADY_ANSWERED

    def has_permission(self, request, view):
        candidate = None
        email = request.data.get("email", None)
        if email:
            candidate = get_object_or_None(Candidate, email=email)
        else:
            uuid = request.data.get("candidate", None)
            if uuid:
                candidate = get_object_or_None(Candidate, uuid=uuid)

        if candidate:
            picked_choices = CandidatePickedIntChoice.objects.filter(
                candidate=candidate
            ).count()
            total_int_questions = IntQuestion.objects.count()

            if picked_choices >= total_int_questions:
                return False

        return True

views.py：

from annoying.functions import get_object_or_None
from rest_framework import generics, status
from rest_framework.response import Response

from ..models import Candidate, CandidatePickedIntChoice
from .permissions import CandidateAnsweredQuestionsPermission
from .serializers import CandidateSerializer

class CandidateCreateAPIView(generics.CreateAPIView):
    serializer_class = CandidateSerializer
    queryset = Candidate.objects.all()
    permission_classes = (CandidateAnsweredQuestionsPermission,)

    def create(self, request, *args, **kwargs):
        candidate = get_object_or_None(Candidate, email=request.data.get("email", None))
        if not candidate:
            serializer = self.get_serializer(data=request.data)
            serializer.is_valid(raise_exception=True)
            self.perform_create(serializer)
            headers = self.get_success_headers(serializer.data)
            return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
        else:
            serializer = self.get_serializer(candidate, data=request.data)
            serializer.is_valid(raise_exception=True)
            return Response(serializer.data, status=status.HTTP_200_OK)

**注：**我正在开发的应用程序允许候选人回答问题。我之所以像这样覆盖创建函数，是为了让尚未完成所有问题的候选人仍然能够回答所有问题。

为什么权限消息是默认的"Authentication credentials were not provided."而不是我自己的？

django

来源：https://stackoverflow.com/questions/53036032/django-rest-framework-custom-permissions-message-not-shown

5条答案

按热度按时间

fwzugrvs1#

消息Authentication credentials were not provided.指出，您***未获得凭据***。它与*凭据错误*消息不同
接下来，BasePermission类没有属性message，因此除非您强制，否则它不会使用您的message属性。（源代码）

如何显示自定义PermissionDenied消息？

从视图集上的**permission_denied()**方法引发的PermissionDenied异常（源代码）
所以你的观点应该是，

from rest_framework import exceptions

class CandidateCreateAPIView(generics.CreateAPIView):
    # your code
    def permission_denied(self, request, message=None):
        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated()
        raise exceptions.PermissionDenied(detail=CANDIDATE_ALREADY_ANSWERED)

赞(0）回复(0）举报 2023-02-14

kmb7vmvb2#

根据Tom Christie（DRF的作者）：
如果您不想运行“unauthenticated vs permission denied”检查，我建议显式地引发PermissionDenied。
他并没有明确指出最好的地方在哪里。公认的答案似乎是在视图中。然而，恕我直言，我觉得最好的地方是在自定义Permission类本身，因为一个视图可以有多个权限，其中任何一个都可能失败。
下面是我的建议（为简洁起见，代码被截断）：

from rest_framework import exceptions, permissions     # <-- import exceptions

CANDIDATE_ALREADY_ANSWERED = "This candidate already answered all questions."

class CandidateAnsweredQuestionsPermission(permissions.BasePermission):
    message = CANDIDATE_ALREADY_ANSWERED

    def has_permission(self, request, view):
        if picked_choices >= total_int_questions:
            raise exceptions.PermissionDenied(detail=CANDIDATE_ALREADY_ANSWERED)     # <-- raise PermissionDenied here

        return True

赞(0）回复(0）举报 2023-02-14

e5nszbig3#

我也有同样的问题，最后我找到了关键：
不要使用任何认证

REST_FRAMEWORK = {
    # other settings...
    'DEFAULT_AUTHENTICATION_CLASSES': [],
    'DEFAULT_PERMISSION_CLASSES': [],
}

赞(0）回复(0）举报 2023-02-14

puruo6ea4#

我遇到了同样的问题，我找到了一个解决方案，你甚至不需要AllowAny权限，只需将authentication_classes设置为一个空数组，例如：

class TestView(generics.RetrieveAPIView):
        
    renderer_classes = (JSONRenderer,)
    permission_classes = (isSomethingElse,)
    serializer_class = ProductSerializer
    authentication_classes = [] # You still need to declare it even it is empty
    
    
    def retrieve(self, request, *args, **kwargs):
        pass

希望还能帮上忙。

赞(0）回复(0）举报 2023-02-14

7vhp5slm5#

settings.py

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny',
    ],
    'DEFAULT_AUTHENTICATION_CLASSES': [

    ],
}

在我的情况下，这个解决方案是有效的。

赞(0）回复(0）举报 2023-02-14

我来回答

Django Rest框架自定义权限的消息未显示

5条答案

相关问题

热门标签

最新问答