I'm using rest_condition within Django Rest Framework. If any of my conditions fail I require access to be denied. I declared my first permission on the view like so:

我在Django Rest Framework中使用rest_condition。如果我的任何条件失败,我要求拒绝访问。我在视图上宣布了我的第一个许可:

permission_condition = CustomPermissions

Which overrides DRF permission methods has_permission and has_object_permission.

其中覆盖DRF权限方法has_permission和has_object_permission。

CustomPermissions:

 def has_permission(self, request, view):
     return True

 def has_object_permission(self, request, view, obj):
     return False

This works when accessing a detail endpoint:

这在访问详细端点时有效:

Results:

> CustomPermissions
     - has_permission = True
     - has_object_permission = False
Result Expected Access defined : Actual Result Access defined - worked

However, When I add a second permission I don't get the desired outcome. I am expecting it to be, why?

但是,当我添加第二个权限时,我没有得到预期的结果。我期待它,为什么?

permission_condition = (C(permissions.IsAdminUser) | C(CustomPermissions))

IsAdminUser

def has_permission(self, request, view):
    return False

Results:

> CustomPermissions
     - has_permission = True
     - has_object_permission = False
> IsAdminUser
     - True
Result Expected Access defined : Actual Result Access to view granted. 

One can assume my logic or understanding of the conditions in permission_condition is incorrect.

可以假设我对permission_condition中的条件的逻辑或理解是不正确的。

1 个解决方案

permission_condition = (C(permissions.IsAdminUser) & C(CustomPermissions))

#1

permission_condition = (C(permissions.IsAdminUser) & C(CustomPermissions))