1.在视图类里添加权限组件
class BookView(APIView): authentication_classes = [UserAuth] permission_classes = [SVIPPermission] def get(self,request): """ 查看所有书籍 :param request: :return: """ book_list=Book.objects.all() serializer= BookSerializer(book_list,many=True) return Response(serializer.data) def post(self,request): """ 添加一条书籍 :param request: :return: """ serializer=BookSerializer(data=request.data,many=True) if serializer.is_valid(): serializer.save()#create操作. return Response(serializer.data) else: return Response(serializer.errors)
2.设置权限类
from rest_framework.permissions import AllowAny class SVIPPermission(object): message="您没有权限访问该资源" def has_permission(self,request,view): if request.user.user_type>=1: return True return False
3. 设置全局类权限
REST_FRAMEWORK={ 'DEFAULT_AUTHENTICATION_CLASSES': ( 'app01.utils.auth_class.UserAuth', ), 'DEFAULT_PERMISSION_CLASSES': ( 'app01.utils.svippermission.SVIPPermission', ), }
4.查看效果
