【Question title】:Allow different views for different types of users in django rest class based views
【Posted】:2018-03-12 19:37:57
【Question description】:

How do I write the following view using class-based views?

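from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.response import Response

from . import models, serializers  # app-local modules (assumed layout)


@api_view(['GET', 'POST'])
def hotel_list(request):
    # List all hotels or add a new one.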
    if request.method == 'GET':
        if request.user.is_authenticated:
            # Allow GET request for all authenticated users
            hotels = models.Hotel.objects.all()
            serializer = serializers.HotelSerializer(hotels, many=True)
            return Response(serializer.data)
        return Response({"message": "not authorized"}, status=status.HTTP_401_UNAUTHORIZED)

    elif request.method == 'POST':
        if request.user.is_superuser:
            # Allow POST method for super users only
            serializer = serializers.HotelSerializer(data=request.data)
            if serializer.is_valid():
                serializer.save()
                return Response(serializer.data, status=status.HTTP_201_CREATED)

            else:
                return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
        return Response({"message": "not authorized"}, status=status.HTTP_401_UNAUTHORIZED)

I want to grant different permissions to different user groups.

【Question discussion】:

    Tags: django django-rest-framework django-views django-class-based-views


    【Solution 1】:

    First, create custom permissions

    permissions.py

    from rest_framework import permissions


    class CreateAdminOnly(permissions.BasePermission):
        def has_permission(self, request, view):
            # View-level check, run on every request: POST needs a superuser
            if request.method == 'POST':
                return request.user.is_superuser
            return request.user.is_authenticated

        def has_object_permission(self, request, view, obj):
            # Object-level check, run only when the view calls get_object()
            if request.method == 'POST':
                return request.user.is_superuser
            return request.user.is_authenticated
    

    Use it in views.py together with modelviewset

    from rest_framework import mixins, viewsets

    from . import models  # app-local module (assumed layout)
    from .permissions import CreateAdminOnly
    from .serializers import HotelSerializer
    
    class CreateListRetrieveViewSet(mixins.CreateModelMixin,
                                    mixins.ListModelMixin,
                                    viewsets.GenericViewSet):
    
        queryset = models.Hotel.objects.all()
        serializer_class = HotelSerializer
        permission_classes = [CreateAdminOnly]
    

    【Discussion】:

    • It's not working. I can make a POST request even without any authentication.
    • Fixed, I added the has_permission method
    • Glad to help)
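
The comments above report that POST worked without authentication until `has_permission` was added. The block below is an added example, not code from the post and not DRF itself: a plain-Python model of when DRF calls each hook (`has_permission` on every request, `has_object_permission` only when a view calls `get_object()`). `BasePermissionModel`, `ObjectOnly`, `allowed`, `matrix` and the sample users are hypothetical names, and `ObjectOnly` assumes the pre-fix answer defined only the object-level hook.

```python
from types import SimpleNamespace

class BasePermissionModel:
    """Mirrors the defaults of rest_framework.permissions.BasePermission."""
    def has_permission(self, request, view):
        return True

    def has_object_permission(self, request, view, obj):
        return True

class ObjectOnly(BasePermissionModel):
    """Assumed pre-fix version: only the object-level hook is defined."""
    def has_object_permission(self, request, view, obj):
        if request.method == 'POST':
            return request.user.is_superuser
        return request.user.is_authenticated

class CreateAdminOnly(ObjectOnly):
    """The answer's fixed version: the view-level hook gates every request."""
    def has_permission(self, request, view):
        if request.method == 'POST':
            return request.user.is_superuser
        return request.user.is_authenticated

def allowed(permission, method, user, obj=None):
    """Model of DRF's order: has_permission runs on every request, while
    has_object_permission runs only when the view loads a single object."""
    request = SimpleNamespace(method=method, user=user)
    if not permission.has_permission(request, None):
        return False
    if obj is not None:  # list and create never call get_object()
        return permission.has_object_permission(request, None, obj)
    return True

# Constructed sample users (stand-ins for request.user).
ANON = SimpleNamespace(is_authenticated=False, is_superuser=False)
USER = SimpleNamespace(is_authenticated=True, is_superuser=False)
ADMIN = SimpleNamespace(is_authenticated=True, is_superuser=True)

def matrix(permission):
    """Return {(user, method): allowed} for list (GET) and create (POST)."""
    users = {'anon': ANON, 'user': USER, 'admin': ADMIN}
    return {(name, method): allowed(permission, method, user)
            for name, user in users.items() for method in ('GET', 'POST')}
```
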