目的:在用户请求各种接口时,校验其 role 字段是否不为 user。role 为 user 的请求会被拒绝;其他任何取值(包括空值或未预期的角色)都会被放行。
1.创建 装饰器 decorators.py
import logging
from functools import wraps

from django.http import JsonResponse

from utils.token import get_userid
from yshop.models import MyUser
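def check_role(view_func):
    """Reject callers whose ``MyUser.role`` is ``'user'`` before running the view.

    The caller is identified from the ``Authorization`` header: the header
    value is passed to ``get_userid`` and the result is looked up in
    ``MyUser``. Works on plain function views and on class-based view
    methods (where the first positional argument is ``self``).

    Responses (bodies unchanged from the original implementation):
        * role is ``'user'``            -> ``{'code': 403, ...}``
        * caller cannot be resolved     -> ``{'code': 405, ...}``

    NOTE(review): the check is a denylist. Any role value other than
    ``'user'`` -- including ``None``, an empty string or a role added
    later -- is let through. An explicit allowlist of privileged roles
    would fail closed; the valid role names are not shown here, so the
    original comparison is kept.

    NOTE(review): both denial responses are sent with JsonResponse's default
    HTTP status (200); the denial is only visible in the JSON ``code``
    field, which matters for proxies, WAF rules and log-based alerting.
    """
    @wraps(view_func)
    def wrapper(request, *args, **kwargs):
        try:
            # On a method, ``request`` is really ``self`` and the HTTP request
            # is the next positional argument; on a function view it is
            # ``request`` itself.
            http_request = request if hasattr(request, 'META') else args[0]
            user_token = http_request.META.get('HTTP_AUTHORIZATION')
            # Token parsing sits inside the try so that a missing or
            # malformed token is refused here instead of escaping as an
            # unhandled error.
            user_id = get_userid(user_token)
            role = MyUser.objects.get(user_id=user_id).role
        except Exception:
            # Fail closed. Record the cause server-side (never the token
            # itself) so repeated failures can be investigated.
            logging.getLogger(__name__).exception(
                'check_role: could not resolve the caller'
            )
            return JsonResponse({'code': 405, 'msg': '未知错误,请联系管理员!'})

        if role == 'user':
            return JsonResponse({'code': 403, 'msg': '权限错误!'})

        # The view runs outside the try block: its own exceptions must reach
        # the framework's error handling rather than be reported as an
        # authorization failure.
        return view_func(request, *args, **kwargs)
    return wrapper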
2.在需要校验的地方引用 @check_role
class DataStatistics(APIView):
    """Example view whose POST handler is guarded by ``check_role``."""

    @check_role
    def post(self, request):
        """Handle POST once ``check_role`` has let the caller through.

        The real handler logic is elided in this example.
        """
        payload = {'code': 200, 'msg': "数据查询成功!"}
        return Response(payload)
如上,对post方法进行role权限校验