zoukankan      html  css  js  c++  java
  • 五 .Django---framework框架 权限组件

    一 . 权限组件

    https://www.cnblogs.com/pythonywy/p/11492877.html     drf框架中认证与权限工作原理及设置

    
    
    from rest_framework.views import APIView  源码中
     self.check_permissions(request)    # 权限组件      必须是    



    def has_permission
    ():
    pass
    
    

    1.局部权限组件

    model

    from
    django.db import models # Create your models here. class User(models.Model): name=models.CharField(max_length=32) pwd=models.CharField(max_length=32) type_choices=((1,"普通用户"),(2,"VIP"),(3,"SVIP")) user_type=models.IntegerField(choices=type_choices,default=1) class Token(models.Model): user=models.OneToOneField("User") token = models.CharField(max_length=128) def __str__(self): return self.token class Book(models.Model): title=models.CharField(max_length=32) price=models.IntegerField() pub_date=models.DateField() publish=models.ForeignKey("Publish") authors=models.ManyToManyField("Author") def __str__(self): return self.title class Publish(models.Model): name=models.CharField(max_length=32) email=models.EmailField() def __str__(self): return self.name class Author(models.Model): name=models.CharField(max_length=32) age=models.IntegerField() def __str__(self): return self.name
    viwes
    from django.shortcuts import render, HttpResponse from django.views import View from rest_framework.response import Response from .models import * from rest_framework.views import APIView from rest_framework import exceptions from rest_framework.authentication import BaseAuthentication from .models import * # 序列化 class BookModelSerializers(serializers.ModelSerializer): class Meta: model = Book fields = "__all__" # # publish=serializers.CharField(source="publish.pk") # publish = serializers.HyperlinkedIdentityField( # view_name="detailpublish", # lookup_field="publish_id", # lookup_url_kwarg="pk", # # ) # 认证组件 class TokenAuth(BaseAuthentication): def authenticate(self, request): token = request.GET.get("token") token_obj = Token.objects.filter(token=token).first() if not token_obj: raise exceptions.AuthenticationFailed("验证失败!") else: return token_obj.user.name, token_obj.token # 权限组件 class SVIPPermission(object): message = "只有超级用户才能访问" def has_permission(self, request, view): username = request.user user_type = User.objects.filter(name=username).first().user_type if user_type == 3: return True # 通过权限认证 else: return False class BookView(APIView): authentication_classes = [TokenAuth,] # [TokenAuth(),] 认证组件局部 permission_classes = [SVIPPermission,] # 权限组件局部 # throttle_classes = [] def get(self, request): print("request.user", request.user) print("request.auth", request.auth) print("_request.body", request._request.body) print("_request.GET", request._request.GET) book_list = Book.objects.all() bs = BookModelSerializers(books_page, many=True, context={'request': request}) return Response(bs.data)
       url(r'^books/$', views.BookView.as_view(),name="books"),

     2.全局权限组件

    utils.py

    from
    rest_framework import exceptions from rest_framework.authentication import BaseAuthentication from .models import * # 认证组件 class TokenAuth(BaseAuthentication): def authenticate(self,request): token = request.GET.get("token") token_obj = Token.objects.filter(token=token).first() if not token_obj: raise exceptions.AuthenticationFailed("验证失败!") else: return token_obj.user.name,token_obj.token # 权限组件 class SVIPPermission(object): message="只有超级用户才能访问" def has_permission(self,request,view): username=request.user user_type=User.objects.filter(name=username).first().user_type if user_type==3: return True # 通过权限认证 else: return False
    settings.py配置如下:

    REST_FRAMEWORK = { "DEFAULT_AUTHENTICATION_CLASSES": ["myapp.utils.TokenAuth",], "DEFAULT_PERMISSION_CLASSES": ["myapp.utils.SVIPPermission",], }
    在app01.service.permissions.py中:
    
    from rest_framework.permissions import BasePermission
    class SVIPPermission(BasePermission):
        message="SVIP才能访问!"
        def has_permission(self, request, view):
            if request.user.user_type==3:
                return True
            return False
    
    views.py:
    from app01.service.permissions import * class BookViewSet(generics.ListCreateAPIView): permission_classes = [SVIPPermission,] queryset = Book.objects.all() serializer_class = BookSerializers
    全局视图权限 settings.py配置如下: REST_FRAMEWORK
    ={ "DEFAULT_AUTHENTICATION_CLASSES":["app01.service.auth.Authentication",], "DEFAULT_PERMISSION_CLASSES":["app01.service.permissions.SVIPPermission",] }
  • 相关阅读:
    实现用户注册验证码
    自带的打印预览
    分页存储过程
    文章标题、内容、摘要的处理函数
    ASP常用函数收藏
    生活中的经典感人语句
    如何在某一数据库的所有表的所有列上搜索一个字符串?
    如何访问隐藏的列表 workflow history list
    Windows Server 2008下如果什么操作没能正常完成, 请尝试run as administrator
    Visual Studio Build Marcos
  • 原文地址:https://www.cnblogs.com/lovershowtime/p/11651675.html
Copyright © 2011-2022 走看看