1.示例
from rest_framework.permissions import BasePermission
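from django.conf import settings


class RbacPermission(BasePermission):
    """Role-based access check driven by ``settings.PERMISSIONS``.

    ``settings.PERMISSIONS[role]`` is read as a mapping of route name to the
    list of lowercase HTTP methods that role may use, for example::

        {
            "user-list": ["get", "post"],
            "user-detail": ["get", "post", "put", "delete"],
        }

    The check is default-deny: a request is allowed only when both the
    resolved route name and the request method are listed for the role.
    Any missing piece (no user, unknown role, unresolved route) is a denial,
    not an unhandled exception.
    """

    # Detail text returned to the client when the check fails.
    message = "无权访问"

    def has_permission(self, request, view):
        """Return True only if the user's role may call this route with this method.

        Args:
            request: The incoming request; ``request.user.role``,
                ``request.resolver_match.view_name`` and ``request.method``
                are read.
            view: The view being accessed (unused).

        Returns:
            bool: True when access is granted, False otherwise.
        """
        # 1. Role of the current user. With UNAUTHENTICATED_USER set to None
        #    an unauthenticated request has request.user = None, so deny
        #    instead of failing on the attribute access.
        user = request.user
        if user is None:
            return False
        user_role = getattr(user, "role", None)

        # 2. All permissions granted to that role. A role that is not
        #    configured gets no access rather than raising KeyError.
        try:
            user_total_permissions = settings.PERMISSIONS[user_role]
        except KeyError:
            return False
        if not user_total_permissions:
            return False

        # 3. Route name and method of the current request. resolver_match can
        #    be None when the request did not go through URL resolution
        #    (for example a view called directly in a test).
        resolver_match = request.resolver_match
        if resolver_match is None:
            return False
        router_name = resolver_match.view_name
        method = request.method.lower()

        # Methods are matched literally, so "head" and "options" are allowed
        # only if they are listed for the route.
        method_list = user_total_permissions.get(router_name)
        if not method_list:
            return False
        return method in method_list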
2.全局应用
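全局应用权限组件;login 路由中设置 authentication_classes = []。注意:DEFAULT_PERMISSION_CLASSES 同样作用于 login 视图,而跳过认证后 request.user 为 None,因此 login 视图还需设置 permission_classes = [],否则未认证的请求无法通过 RbacPermission。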
# Project-wide Django REST framework defaults. A view that does not override
# authentication_classes / permission_classes inherits the classes below.
REST_FRAMEWORK = {
    # Unauthenticated requests get request.user = None and request.auth = None.
    "UNAUTHENTICATED_USER": None,
    "UNAUTHENTICATED_TOKEN": None,
    # Authentication runs first and populates request.user.
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "utils.auth.RbacAuthentication",
    ],
    # The role-based check is then applied to every view by default.
    "DEFAULT_PERMISSION_CLASSES": [
        "utils.permission.RbacPermission",
    ],
    # Dotted path to the project's exception handler (not shown here).
    "EXCEPTION_HANDLER": "utils.view.exception_handler",
}