权限应用于整个View类,但是您可以在授权决策中考虑请求的各个方面(例如GET或POST之类的方法)。
参见内置IsAuthenticatedOrReadOnly
示例:
SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
class IsAuthenticatedOrReadOnly(BasePermission):
"""
The request is authenticated as a user, or is a read-only request.
"""
def has_permission(self, request, view):
if (request.method in SAFE_METHODS or
request.user and
request.user.is_authenticated()):
return True
return False