zoukankan      html  css  js  c++  java
  • restfulframework--权限源码流程

    定义:

    判断用户是否拥有权限,有则放行,与django的中间件没有冲突,

    只是对某个或某类用户定制专有的权限,可在中间件的基础上再加上某些判定.

    源码流程:

    1,所有函数进来首先走def dispatch函数.

    def dispatch(self, request, *args, **kwargs):
            self.kwargs = kwargs
            request = self.initialize_request(request, *args, **kwargs)  #封装request,返回Request
            self.request = request
            self.headers = self.default_response_headers  ##返回头部
            try:
                self.initial(request, *args, **kwargs)  # 在这里调用版本控制,权限控制,用户控制,还有用户限流
                # Get the appropriate handler method
                if request.method.lower() in self.http_method_names:
                    handler = getattr(self, request.method.lower(),
                                      self.http_method_not_allowed)
                else:
                    handler = self.http_method_not_allowed
                response = handler(request, *args, **kwargs)
            except Exception as exc:
                response = self.handle_exception(exc)
            self.response = self.finalize_response(request, response, *args, **kwargs)
            return self.response
    def dispatch
    2,调用initial函数.
    def initial(request, *args, **kwargs)
        self.format_kwarg = self.get_format_suffix(**kwargs)
            neg = self.perform_content_negotiation(request)
            request.accepted_renderer, request.accepted_media_type = neg
    
            # Determine the API version, if versioning is in use.
            version, scheme = self.determine_version(request, *args, **kwargs) #版本控制
            request.version, request.versioning_scheme = version, scheme
    
            # Ensure that the incoming request is permitted
            self.perform_authentication(request) #用户认证
            self.check_permissions(request)     #权限验证
            self.check_throttles(request)       #访问频率控制
    def initial
    3,执行self.check_permissions(request)
    def check_permissions(self, request):
            for permission in self.get_permissions():  #实例化对象列表
                if not permission.has_permission(request, self):
                    self.permission_denied(
                        request, message=getattr(permission, 'message', None)
                    )
    def check_permissions()
    4,实例化对象列表self.get_permissions()
    def get_permissions(self):
            return [permission() for permission in self.permission_classes]
    def get_permissions(self):
    5,从self.permission_classes拿值
    class APIView(View):
        permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES
    6,执行api_settings
    api_settings = APISettings(None, DEFAULTS, IMPORT_STRINGS)

    7,实例化APISettings,并且因为api_settings.DEFAULT_PERMISSION_CLASSES,
    所以调用APISettings的__getattr__方法.
    class APISettings(object):
            def __getattr__(self, attr):
            if attr not in self.defaults:
                raise AttributeError("Invalid API setting: '%s'" % attr)
            try:
                val = self.user_settings[attr]  #user_settings在这里是None
            except KeyError:
                val = self.defaults[attr]   #user_settings没有值所以调用这里.
            if attr in self.import_strings:
                val = perform_import(val, attr)
            # Cache the result
            self._cached_attrs.add(attr)   #加到集合里,去重
            setattr(self, attr, val)       #设置
            return val                     #
    class APISettings(object):
    获取配置文件的所有信息,并返回给对象列表,等待遍历.

    8,遍历对象列表并且判断是否返回False,如果是True则没有后续.
    如果返回False则运行里面内容
    if not permission.has_permission(request, self):
                    self.permission_denied(
                        request, message=getattr(permission, 'message', None)
                    )
    if not permission.has_permission
    9,如果没有这个权限就执行里面的permission_denied,也就是报错的信息
    self.permission_denied(
                        request, message=getattr(permission, 'message', None)
                    )
    self.permission_denied
    10,这里区别报错的信息,这里的错误信息可以通过前面传message重写信息
    def permission_denied(self, request, message=None):
            #如果request.user有值
            if request.authenticators and not request.successful_authenticator:
                raise exceptions.NotAuthenticated()  #
            raise exceptions.PermissionDenied(detail=message)
    def permission_denied(self, request, message=None):
     
  • 相关阅读:
    人工智能背后的故事
    idea 开发插件。
    安卓工作室 Android studio 或 Intellij IDEA 美化 修改 汉化 酷炫 装逼 Android studio or Intellij IDEA beautify modify Chinesization cool decoration
    安卓工作室 android studio文件和代码模板,以及汉化出错问题
    安卓工作室 android studio 汉化后,报错。 设置界面打不开。Can't find resource for bundle java.util.PropertyResourceBundle, key emmet.bem.class.name.element.separator.label
    android studio的汉化 教程 及解析
    安卓工作室Android Studio 快捷键
    安卓工作室 android studio 的 汉化 美化 定制 Android studio's Chinesization beautification customization
    VR开发 VR development
    Lakeshore 中文开发界面,示例项目,飞机大战 等 Lakeshore Chinese development interface, sample project, aircraft war, etc
  • 原文地址:https://www.cnblogs.com/52forjie/p/8423216.html
Copyright © 2011-2022 走看看