forked from mirror/MrDoc
31 lines
867 B
Python
31 lines
867 B
Python
# coding:utf-8
|
||
# @文件: permissions.py
|
||
# @创建者:州的先生
|
||
# #日期:2020/5/11
|
||
# 博客地址:zmister.com
|
||
|
||
from rest_framework.permissions import BasePermission,SAFE_METHODS
|
||
|
||
|
||
class AppPermission(BasePermission):
|
||
message = '只有VIP才能访问'
|
||
|
||
def has_permission(self, request, view):
|
||
# vip才有访问权限
|
||
# request.user:当前经过认证的用户对象
|
||
# 如果没有认证 request.user就是匿名用户
|
||
if not request.auth:
|
||
# 认证没有通过
|
||
return False
|
||
if request.user.vip:
|
||
return True
|
||
else:
|
||
return False
|
||
|
||
def has_object_permission(self, request, view, obj):
|
||
|
||
if request.method in SAFE_METHODS:
|
||
return True
|
||
|
||
# 示例必须要有一个名为`owner`的属性
|
||
return obj.owner == request.user |