28 lines
730 B
Python
28 lines
730 B
Python
"""
|
|
权限控制
|
|
"""
|
|
from rest_framework.permissions import BasePermission
|
|
|
|
|
|
class IsAdmin(BasePermission):
|
|
"""管理员权限"""
|
|
def has_permission(self, request, view):
|
|
return request.user and request.user.is_authenticated and request.user.is_staff
|
|
|
|
|
|
class IsOwner(BasePermission):
|
|
"""资源所有者权限"""
|
|
def has_object_permission(self, request, view, obj):
|
|
# 假设对象有user字段
|
|
if hasattr(obj, 'user'):
|
|
return obj.user == request.user
|
|
if hasattr(obj, 'owner'):
|
|
return obj.owner == request.user
|
|
return False
|
|
|
|
|
|
class AllowAny(BasePermission):
|
|
"""允许任何访问"""
|
|
def has_permission(self, request, view):
|
|
return True
|