Django Tastypie User Objects Only Authorization

I want to use Tastypie authorization to give users access to only their objects. However, I am having problems understanding if I am doing it correctly. I followed the example here:

http://django-tastypie.readthedocs.org/en/latest/authorization.html#implementing-your-own-authorization

When I try to create a new object, I get a 404 error because there are problems evaluating

def create_detail(self, object_list, bundle):
    return bundle.obj.user == bundle.request.user

Everything works if I comment that out. I thought commenting those two lines out would allow the user to create objects for other users, but when I tried it, I correctly get a 401 (UNAUTHORIZED) response.

Does that mean those two lines are unnecessary? How is Tastypie able to correctly determine if I am authorized to create objects?

When I was running this, I sent a POST request with 'user' equal to the appropriate URI (something like '/api/v1/user/1/'). I'm not sure if Tastypie is having problems determining

bundle.obj.user

when I do it that way.

Is it safe to just leave those two lines commented out? Is Tastypie authorizing the user with one of the other methods?

2 solutions

#1


0  

try:

def create_detail(self, object_list, bundle):
    return bundle.obj == bundle.request.user
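
An added example, not part of the original post or answer and not Tastypie's own code: an ownership check for the detail hooks named in the linked documentation that denies access whenever `bundle.obj.user` cannot be resolved or the requester is not authenticated. `owner_matches`, `FailClosedUserObjectsOnly`, `UnsetOwner` and `make_bundle` are hypothetical names, and the bundles are constructed stand-ins; in a project the class would subclass `tastypie.authorization.Authorization`.

```python
from types import SimpleNamespace


def owner_matches(bundle, owner_attr="user"):
    """True only if bundle.obj.<owner_attr> is the authenticated requester."""
    requester = getattr(bundle.request, "user", None)
    authed = getattr(requester, "is_authenticated", False)
    if callable(authed):  # older Django exposes is_authenticated() as a method
        authed = authed()
    if not authed:
        return False
    try:
        owner = getattr(bundle.obj, owner_attr)
    except Exception:  # owner not resolvable (e.g. unset relation): deny
        return False
    return owner is not None and owner == requester


class FailClosedUserObjectsOnly:
    """Hypothetical; in a project this subclasses tastypie's Authorization."""
    def _owned(self, object_list, bundle):
        return owner_matches(bundle)
    # Same ownership rule for every per-object hook.
    read_detail = create_detail = update_detail = delete_detail = _owned


class UnsetOwner:
    """Constructed stand-in for an object whose `user` lookup raises."""
    @property
    def user(self):
        raise LookupError("user has not been set")


def make_bundle(obj, user):
    # Constructed stand-in for a bundle: only .obj and .request.user exist.
    return SimpleNamespace(obj=obj, request=SimpleNamespace(user=user))


def demo():
    alice = SimpleNamespace(pk=1, is_authenticated=True)
    bob = SimpleNamespace(pk=2, is_authenticated=True)
    anon = SimpleNamespace(pk=None, is_authenticated=False)
    auth = FailClosedUserObjectsOnly()
    return {
        "own": auth.create_detail([], make_bundle(SimpleNamespace(user=alice), alice)),
        "other": auth.create_detail([], make_bundle(SimpleNamespace(user=bob), alice)),
        "unset": auth.create_detail([], make_bundle(UnsetOwner(), alice)),
        "anonymous": auth.create_detail([], make_bundle(SimpleNamespace(user=anon), anon)),
    }
```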
