python - JWT, django如何定制关于用户的Permission？

Question

使用基于cookies的验证时，写了这样一个Permission

class IsAuthenticatedAndStudentOwner(BasePermission):
    message = 'You must be a student.'
    def has_permission(self, request, view):

        return request.user.is_authenticated() and smart_str(request.user.identity) == '学生'

    def has_object_permission(self, request, view, obj):

        return obj.student.user == request.user

当我使用jwt验证后，登录返回一个token，不运行login(request, user)，也就是request.user是AnonymousUser.

# login(request, user_obj)
payload = jwt_payload_handler(user_obj)
token = jwt_encode_handler(payload)
data['token'] = token
return data

那么我该怎么修改这个Permission呢，求解。

Answer 1

jwt的验证，你是通过headerORcookie的方式传递的？
define another method in class IsAuthenticatedAndStudentOwner

def is_authenticated(self, request, view):
    if using cookie:
        return request.user.is_authenticated()
    elseif jwt:
        ...

def has_permission(self, request, view):

    return self.is_authenticated(request, view) and smart_str(request.user.identity) == '学生'

    

Answer 2

You can also open it using jwtlogin(request, user_obj) ah

The back-end user still exists in the request, but when using jwt, the django template is no longer used, and the user cannot be used freely in the page

I will write this soon, please continue to pay attention to the exchange