什么是动态DRFPython API 接口权限控制思路

 1 import requests
 2 from config import AUTHENTICATE_URL
 3 from rest_framework import permissions
 4 from rest_framework.exceptions import PermissionDenied, AuthenticationFailed
 5 
 6 # URL(ViewSet) 权限配置
 7 URL_PERMISSION = {
 8     "pipelines": {
 9         "test_pipeline": "account.dev_audit",
10         "list": "account.test_audit",
11         "create": "account.yw_audit",
12         "retrieve": "",
13     },
14     # "sub_pipelines": {
15     #     "test_pipeline": "account.dev_audit",
16     #     "list": "account.test_audit",
17     #     "create": "account.yw_audit",
18     # }
19 }
20 
21 
22 class LoginPermission(permissions.BasePermission):
23     """
24     登录验证
25     """
26 
27     def has_permission(self, request, view):
28         # Read permissions are allowed to any request,
29         # so we'll always allow GET, HEAD or OPTIONS requests.
30         # print(request.method)
31         # if request.method == "POST":
32         #     return False
33         #
34         #     # 只有该snippet的所有者才允许写权限。
35         # return False
36 
37         token = request.META.get("HTTP_AUTHORIZATION", "").replace("JWT ", '')
38         data = requests.post(AUTHENTICATE_URL + "/api/account/verify/", json={"token": token})
39         if data.status_code != 404:
40             raise AuthenticationFailed("登录验证失败")
41         return True
42 
43 
44 class UrlPermission(permissions.BasePermission):
45     """
46     URL 权限验证
47     """
48 
49     def has_permission(self, request, view):
50         # Read permissions are allowed to any request,
51         # so we'll always allow GET, HEAD or OPTIONS requests.
52         # print(request.method)
53         # if request.method == "POST":
54         #     return False
55         #
56         #     # 只有该snippet的所有者才允许写权限。
57         # return False
58         token = request.META.get("HTTP_AUTHORIZATION", "").replace("JWT ", '')
59         print("==========通过视图的basename,action进行权限认证==========")
60         print(view.basename, view.action)
61         print("==========")
62         if view.basename in URL_PERMISSION.keys():
63             if view.action in URL_PERMISSION[view.basename].keys():
64                 print(URL_PERMISSION[view.basename][view.action])
65                 data = requests.post(AUTHENTICATE_URL + "/api/account/verify/",
66                                      json={"token": token, "perm_code": URL_PERMISSION[view.basename][view.action]})
67                 if data.status_code != 404:
68                     raise PermissionDenied("访问权限不合法")
69 
70         return True