DRF权限组件
1.DRF权限组件(局部+全局) django
和上述的认证组件使用方式同样,定义一个权限类,必需要有def has_permission(self,request, view):pass方法,能够在类中定义变量message指定无权限时的提示内容。api
权限组件也能够在视图中局部使用,或者在settings.py中进行全局配置session
在有注册登陆操做时,为了不认证和权限,仍是继承View最好或使用局部认证配置。app
settings.py ide
INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'app01.apps.App01Config', 'rest_framework', ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', # 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] REST_FRAMEWORK = { #认证配置(全局配置)----针对全部的继承APIView的类,最终都会有结果返回 'DEFAULT_AUTHENTICATION_CLASSES' : ['app01.utils.auth.MyAuth',],#能够自定义多个认证类 # 'UNAUTHENTICATED_USER':lambda :'匿名用户request.user自定义值',#request.user有默认值 # 'UNAUTHENTICATED_TOKEN':lambda :'request.auth自定义值',#request.auth有默认值 #权限配置(全局配置)----针对-针对全部的继承APIView的类,在认证以后执行,没有权限会返回message,有权限继续执行 'DEFAULT_PERMISSION_CLASSES':['app01.utils.permission.SVIPPermission',]#能够自定义多个权限 }
utils--auth.py--MyAuth认证类 函数
#认证组件 from rest_framework.authentication import BaseAuthentication,BasicAuthentication class MyAuth(BaseAuthentication):#能够直接继承BaseAuthentication类,能够省略authenticate_header方法,或者继承BasicAuthentication def authenticate(self, request): token = request._request.GET.get('token') token_obj = models.UserToken.objects.get(token=token) if not token_obj: raise exceptions.AuthenticationFailed('未认证用户!!!') return (token_obj.user', 'request.auth') # 认证函数执行结果若是经过则为元组,元组第一个元素封装在为request.user
utils--permission.py--SVIPPermission/MyPermission权限类post
# 权限组件 class SVIPPermission(object): # message = 'You do not have permission to perform this action.'#默认值 message = '无此权限!!!' def has_permission(self,request, view): if request.user.user_type == 3: return False #False为没权限 return True #True为有权限 class MyPermission(object): def has_permission(self,request, view): if request.user.user_type != 3: return False return True
models.pythis
from django.db import models # Create your models here class UserInfo(models.Model): """ 用户表 """ user_type_choices = [ (1, '普通用户'), (2, 'VIP用户'), (3, 'SVIP用户'), ] user_type = models.IntegerField(choices=user_type_choices) username = models.CharField(max_length=10, unique=True) password = models.CharField(max_length=12, null=False) class UserToken(models.Model): """ token表 """ user = models.OneToOneField(to='UserInfo') token = models.CharField(max_length=64) create_time = models.DateTimeField(auto_now=True) class Book(models.Model): name = models.CharField(max_length=12)
urls.pyurl
from django.conf.urls import url from django.contrib import admin from app01 import views urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^api/v1/login/$', views.AuthView.as_view()), url(r'^book/$', views.BookView.as_view(),name='book'), url(r'^order/$', views.OrderView.as_view(),name='order'), ]
views.pyspa
from django.shortcuts import render, HttpResponse from rest_framework.views import APIView from app01 import models from django.http import JsonResponse from app01.utils.auth import MyAuth from app01.utils.permission import MyPermission,SVIPPermission from django.views import View # Create your views here. # 实例url:http://127.0.0.1:8000/book/?token=1 class BookView(APIView): # # (1)认证组件(局部使用) # authentication_classes = [MyAuth, ] #(2)权限组件(局部使用)---局部和全局都有时从局部优先 permission_classes = [MyPermission,] def get(self, request): print(request.user) #request.user在APIViewD的dispatch中进行封装的 return HttpResponse('GET') def post(self, request): return HttpResponse('POST') def put(self, request): return HttpResponse('PUT') def patch(self, request): return HttpResponse('PATCH') def delete(self, request): return HttpResponse('DELETE') class OrderView(APIView): # (1)认证组件 authentication_classes = [MyAuth, ] # (2)权限组件 # permission_classes = [SVIPPermission] def get(self, request): print(request.user) # request.user在认证组件中进行封装的 return HttpResponse('GET') def post(self, request): return HttpResponse('POST') def put(self, request): return HttpResponse('PUT') def patch(self, request): return HttpResponse('PATCH') def delete(self, request): return HttpResponse('DELETE') import time import hashlib def token_md5(username): """ 自定义token :param username: :return: """ t = time.time() md5 = hashlib.md5(str(t).encode('utf-8')) md5.update(username.encode('utf-8')) return md5.hexdigest() class AuthView(View): #若是不注册自定义组件,走默认的认证,最后返回了request.user和request.auth都是匿名用户默认值,能够在settings.py中加载自定义配置 #可是在权限认证是很差经过,因此仍是直接继承View def post(self, request): """ 用户登陆 :param request:进行封装以后的request对象 :return: 登陆结果信息 """ ret = {'code': 0, 'msg': ''} username = request.POST.get('username', None) password = request.POST.get('password', None) # 每次登录若是有就更新没有就建立 try: user_obj = models.UserInfo.objects.filter(username=username, password=password).first() if user_obj: token = token_md5(username) print(token) # 每次登录若是有就更新没有就建立 models.UserToken.objects.update_or_create(user=user_obj, defaults={'token': token}) ret['msg'] = '登录成功!' ret['token'] = token else: ret['code'] = 1 ret['msg'] = '帐号或密码有误!!!' except Exception as e: ret['code'] = 2 ret['msg'] = '未知错误!!!' finally: return JsonResponse(ret)
2. DRF权限组件继承类(全局)
在自定义权限组件类时,推荐继承BasePermission类,重写def has_permission(self,request, view):pass方法
utils--permission.py--SVIPPermission/MyPermission权限类
from rest_framework.permissions import BasePermission # 权限组件 class SVIPPermission(BasePermission):#推荐继承BasePermission类 # message = 'You do not have permission to perform this action.'#默认值 message = '无此权限!!!' def has_permission(self,request, view): if request.user.user_type == 3: return False #False为没权限 return True #True为有权限 class MyPermission(BasePermission):#推荐继承BasePermission类 def has_permission(self,request, view): if request.user.user_type != 3: return False return True
settings.py
INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'app01.apps.App01Config', 'rest_framework', ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', # 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] REST_FRAMEWORK = { #认证配置(全局配置)----针对全部的继承APIView的类,最终都会有结果返回 'DEFAULT_AUTHENTICATION_CLASSES' : ['app01.utils.auth.MyAuth',],#能够自定义多个认证类 # 'UNAUTHENTICATED_USER':lambda :'匿名用户request.user自定义值',#request.user有默认值 # 'UNAUTHENTICATED_TOKEN':lambda :'request.auth自定义值',#request.auth有默认值 #权限配置(全局配置)----针对-针对全部的继承APIView的类,在认证以后执行,没有权限会返回message,有权限继续执行 'DEFAULT_PERMISSION_CLASSES':['app01.utils.permission.SVIPPermission',]#能够自定义多个权限 }
相关文章
- 1. DRF之权限认证频率组件
- 2. DRF 权限 频率
- 3. 权限组件
- 4. DRF的权限和频率
- 5. DRF的权限认证
- 6. DRF Django REST framework 之 认证与权限组件(五)
- 7. drf认证组件、权限组件、jwt认证、签发、jwt框架使用
- 8. Token 认证的前因后果,DRF认证,DRF权限,DRF限制
- 9. 权限组件permission
- 10. drf 组件
- 更多相关文章...
- • MySQL删除用户权限(REVOKE) - MySQL教程
- • ASP AdRotator 组件 - ASP 教程
- • Docker容器实战(六) - 容器的隔离与限制
- • 互联网组织的未来:剖析GitHub员工的任性之源
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. CVPR 2020 论文大盘点-光流篇
- 2. Photoshop教程_ps中怎么载入图案?PS图案如何导入?
- 3. org.pentaho.di.core.exception.KettleDatabaseException:Error occurred while trying to connect to the
- 4. SonarQube Scanner execution execution Error --- Failed to upload report - 500: An error has occurred
- 5. idea 导入源码包
- 6. python学习 day2——基础学习
- 7. 3D将是页游市场新赛道?
- 8. osg--交互
- 9. OSG-交互
- 10. Idea、spring boot 图片(pgn显示、jpg不显示)解决方案
欢迎关注本站公众号,获取更多信息
相关文章
- 1. DRF之权限认证频率组件
- 2. DRF 权限 频率
- 3. 权限组件
- 4. DRF的权限和频率
- 5. DRF的权限认证
- 6. DRF Django REST framework 之 认证与权限组件(五)
- 7. drf认证组件、权限组件、jwt认证、签发、jwt框架使用
- 8. Token 认证的前因后果,DRF认证,DRF权限,DRF限制
- 9. 权限组件permission
- 10. drf 组件