我有一个用户创建的对象,当其他用户试图访问该对象时,它不应该允许它。我希望Django会以you are not authenticated的形式抛出错误注销后,当匿名用户试图访问对象Django时,会抛出如下所述的错误。
错误
TypeError at /PoUserTracking/
Field 'id' expected a number but got <django.contrib.auth.models.AnonymousUser object at 0x0445F160>.
VIEWS.PY
class PoUserTracking(generics.ListAPIView):
serializer_class = NewPoSerializer
permission_classes = [IsAuthor]
def get_queryset(self):
user = self.request.user
return Po.objects.filter(user=user)
许可证.PY
class IsAuthor(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
return obj.author == request.user
您需要首先检查用户是否通过了身份验证
from rest_framework import permissions
class IsAuthor(permissions.IsAuthenticated):
def has_object_permission(self, request, view, obj):
return self.has_permission(request, view) and obj.author == request.user只需发出请求.user.id//这肯定会得到解决。。