I have a modelviewset like this:
class MeetingViewSet(viewsets.ModelViewSet):
queryset = Meeting.objects.all()
serializer_class = MeetingSerializer
permission_classes =[IsAuthenticated & IsInvited | IsOwner]
and permissions:
class IsInvited(BasePermission):
message = 'you must have been invited to see this meeting'
def has_object_permission(self, object, request, view):
if self.request.method == 'GET' and object.is_invited(self.request.user):
return True
return False
class IsOwner(BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_authenticated
def has_object_permission(self, object, request, view):
if self.request.user == object.host:
return True
return False
but i got this error :
Internal Server Error: /api/meetings/1/
Traceback (most recent call last):
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/viewsets.py", line 125, in view
return self.dispatch(request, *args, **kwargs)
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/views.py", line 509, in dispatch
response = self.handle_exception(exc)
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/views.py", line 469, in handle_exception
self.raise_uncaught_exception(exc)
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
raise exc
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
response = handler(request, *args, **kwargs)
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/mixins.py", line 54, in retrieve
instance = self.get_object()
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/generics.py", line 99, in get_object
self.check_object_permissions(self.request, obj)
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/views.py", line 345, in check_object_permissions
if not permission.has_object_permission(request, self, obj):
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/permissions.py", line 81, in has_object_permission
self.op1.has_object_permission(request, view, obj) or
File "/home/admin1/envs/myvenv/lib/python3.8/site-packages/rest_framework/permissions.py", line 64, in has_object_permission
self.op2.has_object_permission(request, view, obj)
File "/home/admin1/mizbanproject/mizban_events/meeting/api/permissions.py", line 14, in has_object_permission
return request.method == 'GET' and object.is_invited(request.user)
AttributeError: 'MeetingViewSet' object has no attribute 'method'
IsOwner works perfectly and i only got this error in IsInvited, i am confused and don't know how to solve this bug .
The has_object_permission method can not use self.request to obtain the request, since a BasePermission does not contain the request: the request is passed as a parameter, so you can implement this wsith:
def has_object_permission(self, request, view, object):
return request.method == 'GET' and object.is_invited(request.user)
# ↑ no self.request ↑The order of the parameters is also different: it is self, object, view and rquest.
Your permissions thus can look like:
class IsInvited(BasePermission):
message = 'you must have been invited to see this meeting'
def has_object_permission(self, request, view, object):
if return request.method == 'GET' and object.is_invited(request.user)
class IsOwner(BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_authenticated
def has_object_permission(self, request, view, object):
return request.user == object.host