Permissions components
First, the authority introduced
Only users with permissions to specified data, the average user can not access
Second, topical
- A custom class that inherits BasePermission
class Mypermision(BasePermission):
message='不是超级用户不能看'
def has_permission(self, request, view):
if request.user.user_type == 1:
return True
else:
return False
- View layer function
class Books(APIView):
authentication_classes = [MyAuth,]
permission_classes = [Mypermision,]
def get(self,request):
return Response('返回了所有书籍')
Third, the global use: Profile
REST_FRAMEWORK={
"DEFAULT_AUTHENTICATION_CLASSES":["app01.service.auth.Authentication",],
"DEFAULT_PERMISSION_CLASSES":["app01.service.permissions.SVIPPermission",]
}