zoukankan      html  css  js  c++  java
  • DRF框架之视图集、认证规则

    DRF框架之视图集、认证规则

    视图集与路由组件(开发最常用、最高级)

    视图集

    准备工作

    mdoels.py

    from django.db import models
    
    # 基类:是抽象的(不会完成数据库迁移),目的是提供共有字段的
    class BaseModel(models.Model):
        is_delete = models.BooleanField(default=False)
        updated_time = models.DateTimeField(auto_now_add=True)
    
        class Meta:
            abstract = True  # 必须完成该配置
    
    class Book(BaseModel):
        name = models.CharField(max_length=64)
        price = models.DecimalField(max_digits=5, decimal_places=2, null=True)
        image = models.ImageField(upload_to='img', default='img/default.png')
    
        publish = models.ForeignKey(to='Publish', related_name='books', db_constraint=False, on_delete=models.DO_NOTHING)
        authors = models.ManyToManyField(to='Author', related_name='books', db_constraint=False)
    
        @property  # @property字段默认就是read_only,且不允许修改
        def publish_name(self):
            return self.publish.name
    
        @property  # 自定义序列化过程
        def author_list(self):
            temp_author_list = []
            for author in self.authors.all():
                author_dic = {
                    "name": author.name
                }
                try:
                    author_dic['phone'] = author.detail.phone
                except:
                    author_dic['phone'] = ''
                temp_author_list.append(author_dic)
            return temp_author_list
    
    
    
    class Publish(BaseModel):
        name = models.CharField(max_length=64)
    
    
    class Author(BaseModel):
        name = models.CharField(max_length=64)
    
    
    class AuthorDetail(BaseModel):
        phone = models.CharField(max_length=11)
        author = models.OneToOneField(to=Author, related_name='detail', db_constraint=False, on_delete=models.CASCADE)
    

    serializers.py

    from rest_framework import serializers
    from . import models
    
    # 只有在资源需要提供群改,才需要定义ListSerializer,重写update方法
    class BookListSerializer(serializers.ListSerializer):
        def update(self, queryset, validated_data_list):
            return [
                self.child.update(queryset[index], validated_data) for index, validated_data in enumerate(validated_data_list)
            ]
    
    class BookModelSerializer(serializers.ModelSerializer):
        class Meta:
            list_serializer_class = BookListSerializer
            model = models.Book
            fields = ['name', 'price', 'image', 'publish', 'authors', 'publish_name', 'author_list']
            extra_kwargs = {
                'publish': {
                    'write_only': True
                },
                'authors': {
                    'write_only': True
                }
            }
    

    基于GenericAPIView十大接口

    十大接口:
    1)单查、群查、单增、单整体改、单局部改都可以直接使用

    2)单删不能直接使用,因为默认提供的功能是删除数据库数据,不是我们自定义is_delete字段值修改
    3)除了群查以为的接口,都要自己来实现

    注:给序列化类context赋值{‘request’: request},序列化类就可以自动补全后台图片链接

    from rest_framework.generics import GenericAPIView
    from rest_framework import mixins
    from . import models, serializers
    from rest_framework.response import Response
    
    class BookV1APIView(GenericAPIView,
                        mixins.RetrieveModelMixin,
                        mixins.ListModelMixin,
                        mixins.CreateModelMixin,
                        mixins.UpdateModelMixin):
    
        queryset = models.Book.objects.filter(is_delete=False).all()
        serializer_class = serializers.BookModelSerializer
    
        def get(self, request, *args, **kwargs):
            if 'pk' in kwargs:
                return self.retrieve(request, *args, **kwargs)  # 单查
    		
            # queryset = models.Book.objects.filter(is_delete=False).all()
            # 注:给序列化类context赋值{'request': request},序列化类就可以自动补全后台图片链接
            # serializer = serializers.BookModelSerializer(queryset, many=True, context={'request': request})
            # return Response(serializer.data)
            return self.list(request, *args, **kwargs)  # 群查
    
        def post(self, request, *args, **kwargs):
            if not isinstance(request.data, list):
                return self.create(request, *args, **kwargs)
    
            serializer = self.get_serializer(data=request.data, many=True)
            serializer.is_valid(raise_exception=True)
            self.perform_create(serializer)
            headers = self.get_success_headers(serializer.data)
            return Response(serializer.data, status=201, headers=headers)
    
        def delete(self, request, *args, **kwargs):
            pk = kwargs.get('pk')
            if pk:
                pks = [pk]
            else:
                pks = request.data
            try:
                rows = models.Book.objects.filter(is_delete=False, pk__in=pks).update(is_delete=True)
            except:
                return Response(status=400)
            if rows:
                return Response(status=204)
            return Response(status=400)
    
        def put(self, request, *args, **kwargs):
            if 'pk' in kwargs:
                return self.update(request, *args, **kwargs)
    
            pks = []
            try:
                for dic in request.data:
                    pks.append(dic.pop('pk'))
                objs = models.Book.objects.filter(is_delete=False, pk__in=pks)
                assert len(objs) == len(request.data)
            except:
                return Response(status=400)
            serializer = serializers.BookModelSerializer(instance=objs, data=request.data, many=True)
            serializer.is_valid(raise_exception=True)
            objs = serializer.save()
            return Response(serializers.BookModelSerializer(objs, many=True).data)
    
        def patch(self, request, *args, **kwargs):
            if 'pk' in kwargs:
                return self.partial_update(request, *args, **kwargs)
    
            pks = []
            try:
                for dic in request.data:
                    pks.append(dic.pop('pk'))
                objs = models.Book.objects.filter(is_delete=False, pk__in=pks)
                assert len(objs) == len(request.data)
            except:
                return Response(status=400)
            serializer = serializers.BookModelSerializer(instance=objs, data=request.data, many=True, partial=True)
            serializer.is_valid(raise_exception=True)
            objs = serializer.save()
            return Response(serializers.BookModelSerializer(objs, many=True).data)
    

    基于generics包下工具视图类的六大基础接口

    六大基础接口
    1)直接继承generics包下的工具视图类,可以完成六大基础接口
    2)单查群查不能共存
    3)单删一般会重写

    views.py

    from . import models, serializers
    from rest_framework.response import Response
    from rest_framework import generics
    class BookV2APIView(generics.ListAPIView,
                        generics.RetrieveAPIView,
                        generics.CreateAPIView,
                        generics.UpdateAPIView,
                        generics.DestroyAPIView):
        queryset = models.Book.objects.filter(is_delete=False).all()
        serializer_class = serializers.BookModelSerializer
    
        def get(self, request, *args, **kwargs):
            if 'pk' in kwargs:
                return self.retrieve(request, *args, **kwargs)
            return self.list(request, *args, **kwargs)
    
        def delete(self, request, *args, **kwargs):
            pk = kwargs.get('pk')
            models.Book.objects.filter(is_delete=False, pk=pk).update(is_delete=True)
            return Response(status=204)
    
    

    视图集

    ViewSetMixin类存在理由推到
    1)工具视图类,可以完成应付六大基础接口,唯一缺点是单查与群查接口无法共存
    (只配置queryset、serializer_class、lookup_field)
    2)不能共存的原因:RetrieveAPIView和ListAPIView都是get方法,不管带不带pk的get请求,只能映射给一个get方法
    3)能不能修改映射关系:
    比如将/books/的get请求映射给list方法,
    将/books/(pk)/的get请求映射给retrieve方法,
    甚至可以随意自定义映射关系

    导入
    继承视图集的视图类的as_view都是走ViewSetMixin类的,核心源码分析
    @classonlymethod
    def as_view(cls, actions=None, **initkwargs):
        # ...
    
        # 没有actions,也就是调用as_view()没有传参,像as_view({'get': 'list'})
        if not actions:
            raise TypeError("The `actions` argument must be provided when "
                            "calling `.as_view()` on a ViewSet. For example "
                            "`.as_view({'get': 'list'})`")
    
            # ...
    
            # 请求来了走view函数
            def view(request, *args, **kwargs):
                # ...
                # 解析actions,修改 请求分发 - 响应函数 映射关系
                self.action_map = actions
                for method, action in actions.items():  # method:get | action:list
                    handler = getattr(self, action)  # 从我们视图类用action:list去反射,所以handler是list函数,不是get函数
                    setattr(self, method, handler)  # 将get请求对应list函数,所以在dispath分发请求时,会将get请求分发给list函数
    
                    # ...
                    # 通过视图类的dispatch完成最后的请求分发
                    return self.dispatch(request, *args, **kwargs)
    
                # ...
                # 保存actions映射关系,以便后期使用
                view.actions = actions
                return csrf_exempt(view)
    
    核心

    视图集的使用总结
    1)可以直接继承ModelViewSet,实现六大继承接口(是否重写destroy方法,或其他方法,根据需求决定)
    2)可以直接继承ReadOnlyModelViewSet,实现只读需求(只有单查群查)
    3)继承ViewSet类,与Model类关系不是很密切的接口:登录的post请求,是查询操作;短信验证码发生接口,借助第三方平台
    4)继承GenericViewSet类,就代表要配合mixins包,自己完成任意组合
    5)继承以上4个视图集任何一个,都可以与路由as_view({映射})配合,完成自定义请求响应方法

    案例

    urls.py

    url(r'^v3/books/$', views.BookV3APIView.as_view(
        {'get': 'list', 'post': 'create', 'delete': 'multiple_destroy'}
    	)),
    
    url(r'^v3/books/(?P<pk>d+)/$', views.BookV3APIView.as_view(
            {'get': 'retrieve', 'put': 'update', 'patch': 'partial_update', 'delete': 'destroy'}
        )),
    

    views.py

    from rest_framework.viewsets import ModelViewSet
    from rest_framework.response import Response
    class BookV3APIView(ModelViewSet):
        queryset = models.Book.objects.filter(is_delete=False).all()
        serializer_class = serializers.BookModelSerializer
    
        # 可以在urls.py中as_view({'get': 'my_list'})自定义请求映射
        def my_list(self, request, *args, **kwargs):
            return Response('ok')
    
        # 需要完成字段删除,不是重写delete方法,而是重写destroy方法
        def destroy(self, request, *args, **kwargs):
            pk = kwargs.get('pk')
            models.Book.objects.filter(is_delete=False, pk=pk).update(is_delete=True)
            return Response(status=204)
    
    
        # 群删接口
        def multiple_destroy(self, request, *args, **kwargs):
            try:
                models.Book.objects.filter(is_delete=False, pk__in=request.data).update(is_delete=True)
            except:
                return Response(status=400)
            return Response(status=204)
    

    路由组件:必须配合视图集使用

    urls.py

    from django.conf.urls import url, include
    from . import views
    # 路由组件,必须配合视图集使用
    from rest_framework.routers import SimpleRouter
    router = SimpleRouter()
    
    # 以后就写视图集的注册即可:BookV3APIView和BookV4APIView都是视图集
    router.register('v3/books', views.BookV3APIView, 'book')
    router.register('v4/books', views.BookV4APIView, 'book')
    
    urlpatterns = [
        url('', include(router.urls))
    ]
    

    views.py

    from rest_framework.viewsets import ReadOnlyModelViewSet
    class BookV4APIView(ReadOnlyModelViewSet):
        queryset = models.Book.objects.filter(is_delete=False).all()
        serializer_class = serializers.BookModelSerializer
    

    自定义路由组件(了解)

    router.py

    from rest_framework.routers import SimpleRouter as DrfSimpleRouter
    from rest_framework.routers import Route, DynamicRoute
    
    class SimpleRouter(DrfSimpleRouter):
        routes = [
            # List route.
            Route(
                url=r'^{prefix}{trailing_slash}$',
                mapping={
                    'get': 'list',
                    'post': 'create',  # 注:群增只能自己在视图类中重写create方法,完成区分
                    'delete': 'multiple_destroy',  # 新增:群删
                    'put': 'multiple_update',  # 新增:群整体改
                    'patch': 'multiple_partial_update'  # 新增:群局部改
                },
                name='{basename}-list',
                detail=False,
                initkwargs={'suffix': 'List'}
            ),
            # Dynamically generated list routes. Generated using
            # @action(detail=False) decorator on methods of the viewset.
            DynamicRoute(
                url=r'^{prefix}/{url_path}{trailing_slash}$',
                name='{basename}-{url_name}',
                detail=False,
                initkwargs={}
            ),
            # Detail route.
            Route(
                url=r'^{prefix}/{lookup}{trailing_slash}$',
                mapping={
                    'get': 'retrieve',
                    'put': 'update',
                    'patch': 'partial_update',
                    'delete': 'destroy'
                },
                name='{basename}-detail',
                detail=True,
                initkwargs={'suffix': 'Instance'}
            ),
            # Dynamically generated detail routes. Generated using
            # @action(detail=True) decorator on methods of the viewset.
            DynamicRoute(
                url=r'^{prefix}/{lookup}/{url_path}{trailing_slash}$',
                name='{basename}-{url_name}',
                detail=True,
                initkwargs={}
            ),
        ]
    

    上传文件接口

    urls.py

    from django.conf.urls import url, include
    from . import views
    # 路由组件,必须配合视图集使用
    from rest_framework.routers import SimpleRouter
    router = SimpleRouter()
    
    # /books/image/(pk) 提交 form-data:用image携带图片
    router.register('books/image', views.BookUpdateImageAPIView, 'book')
    
    urlpatterns = [
        url('', include(router.urls))
    ]
    

    serializers.py

    class BookUpdateImageModelSerializer(serializers.ModelSerializer):
        class Meta:
            model = models.Book
            fields = ['image']
    

    views.py

    from rest_framework.viewsets import GenericViewSet
    from rest_framework import mixins
    class BookUpdateImageAPIView(GenericViewSet, mixins.UpdateModelMixin):
        queryset = models.Book.objects.filter(is_delete=False).all()
        serializer_class = serializers.BookUpdateImageModelSerializer
    

    认证规则

    权限

    models.py

    from django.db import models
    
    # RBAC - Role-Based Access Control
    # Django的 Auth组件 采用的认证规则就是RBAC
    
    from django.contrib.auth.models import AbstractUser
    class User(AbstractUser):
        mobile = models.CharField(max_length=11, unique=True)
    
        def __str__(self):
            return self.username
    
    
    class Book(models.Model):
        name = models.CharField(max_length=64)
    
        def __str__(self):
            return self.name
    
    
    class Car(models.Model):
        name = models.CharField(max_length=64)
    
        def __str__(self):
            return self.name
    

    settings.py

    ```python
    # 自定义User表,要配置
    AUTH_USER_MODEL = 'api.User'
    

    admin.py

    from django.contrib import admin
    from . import models
    
    from django.contrib.auth.admin import UserAdmin as DjangoUserAdmin
    
    # 自定义User表后,admin界面管理User类
    class UserAdmin(DjangoUserAdmin):
        # 添加用户课操作字段
        add_fieldsets = (
            (None, {
                'classes': ('wide',),
                'fields': ('username', 'password1', 'password2', 'is_staff', 'mobile', 'groups', 'user_permissions'),
            }),
        )
        # 展示用户呈现的字段
        list_display = ('username', 'mobile', 'is_staff', 'is_active', 'is_superuser')
    
    
    admin.site.register(models.User, UserAdmin)
    admin.site.register(models.Book)
    admin.site.register(models.Car)
    

    导入

    1. 像专门做人员权限管理的系统(CRM系统)都是公司内部使用,所以数据量都在10w一下,一般效率要求也不是很高
    2. 用户量极大的常规项目,会分两种用户:前台用户(三大认证) 和 后台用户(BRAC来管理)
      结论:没有特殊要求的Django项目可以直接采用Auth组件的权限六表,不需要自定义六个表,也不需要断开表关系,但可能需要自定义User表

    做项目是否要分表管理前后台用户

    1)是否需要分表
    答案:不需要
    理由:前后台用户共存的项目,后台用户量都是很少;做人员管理的项目,基本上都是后台用户;前后台用户量都大的会分两个项目处理

    2)用户权限六表是否需要断关联
    答案:不需要
    理由:前台用户占主导的项目,几乎需求只会和User一个表有关;后台用户占主导的项目,用户量不会太大

    3)Django项目有没有必须自定义RBAC六表
    答案:不需要
    理由:auth组件功能十分强大且健全(验证密码,创建用户等各种功能);admin、xadmin、jwt、drf-jwt组件都是依赖auth组件的(自定义RBAC六表,插件都需要自定义,成本极高)

    权限六表:RBAC Role Based Access Control

    三表

    在这里插入图片描述

    六表

    在这里插入图片描述

    三大认证规则

    在这里插入图片描述

    总结

    1. 后台用户对各表操作,是后台项目完成的,我们可以直接借助admin后台项目(Django自带的)
    2. 后期也可以用xadmin框架来做后台用户权限管理
    3. 前台用户的权限管理如何处理
      定义了一堆数据接口的视图类,不同的登录用户是否能访问这些视图类,能就代表有权限,不能就代表无权限
      前台用户权限用drf框架的 三大认证

    :前台用户权限会基于 jwt 认证

    我把月亮戳到天上 天就是我的 我把脚踩入地里 地就是我的 我亲吻你 你就是我的
  • 相关阅读:
    解决eclipse自动格式化影响svn提交的问题
    XShell下载安装并连接阿里云
    阿里云服务器购买选择
    三线程循环打印ABC流程解释
    eclipse个人开发较常用的快捷键
    eclipse调试的一些技巧
    Java序列化与反序列化
    vmware vsphere添加磁盘,不重启检测
    win10国内生态-恶心的经历
    本地win10 vmware 虚拟机centos7系统初始化网络配置
  • 原文地址:https://www.cnblogs.com/zhulipeng-1998/p/12863864.html
Copyright © 2011-2022 走看看