目的:在用户请求各接口时校验其 role 字段,只有 role 不为 user 时才允许访问
1. 创建装饰器文件 decorators.py
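import logging
from functools import wraps

from django.http import JsonResponse

from utils.token import get_userid
from yshop.models import MyUser

logger = logging.getLogger(__name__)


def check_role(view_func):
    """Decorate a class-based view method so callers whose role is 'user' are refused.

    The wrapper reads the ``Authorization`` header, resolves it to a user id
    with ``get_userid``, loads the matching ``MyUser`` row and only then
    decides whether to run ``view_func``.

    Responses built by the wrapper itself are ``JsonResponse`` objects that
    carry the outcome in the JSON ``code`` field (403 or 405). No ``status``
    argument is passed, so the HTTP status stays at the default 200; clients
    and monitoring that key on the HTTP status will not see these denials.

    NOTE(review): the test is a denylist (``role != 'user'``), so every other
    role value, including an empty or unexpected one, is admitted. The set of
    valid roles is not visible here; an explicit allowlist of privileged roles
    would fail closed -- confirm against the MyUser model.

    Args:
        view_func: The view method to protect.

    Returns:
        The wrapped callable, with ``view_func``'s metadata preserved.
    """

    @wraps(view_func)
    def wrapper(request, *args, **kwargs):
        # On a view method the first positional argument is the view instance
        # (``self``); the HTTP request is the next one, hence args[0].
        user_token = args[0].META.get('HTTP_AUTHORIZATION')

        # Guard only the identity lookup. The view call stays outside the
        # ``try`` so that errors raised by the view are handled by the
        # framework instead of being reported as an authorization problem.
        try:
            user_id = get_userid(user_token)
            user_info = MyUser.objects.get(user_id=user_id)
        except Exception:
            # Fail closed on a missing/invalid token or an unknown user. The
            # exception types raised by get_userid are not visible here, hence
            # the broad catch. The token itself is deliberately not logged.
            logger.exception('check_role: could not resolve the caller')
            return JsonResponse({'code': 405, 'msg': '未知错误,请联系管理员!'})

        if user_info.role == 'user':
            # Record the denial so repeated attempts are visible in the logs.
            logger.warning(
                'check_role: denied user_id=%s for %s',
                user_id,
                view_func.__qualname__,
            )
            return JsonResponse({'code': 403, 'msg': '权限错误!'})

        return view_func(request, *args, **kwargs)

    return wrapper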
2.在需要校验的地方引用 @check_role
class DataStatistics(APIView):
    """Example view whose POST handler is gated by ``check_role``."""

    @check_role
    def post(self, request):
        """Handle POST; reached only when check_role lets the caller through."""
        # ... other code ...
        payload = {'code': 200, 'msg': "数据查询成功!"}
        return Response(payload)
如上,对post方法进行role权限校验