标签:header response usr regular returns for 没有 code mit
(1)API/utils文件夹下新建premission.py文件,代码如下:
#!/usr/bin/env python # coding:utf-8 from rest_framework.permissions import BasePermission class SVIPPermission(BasePermission): message = "必须是SVIP才能访问,你权限太低,滚" def has_permission(self,request,view): # request.user 表示获取到 UserInfo 这个类的对象 if request.user.user_type != 3: return False return True class MyPermission(BasePermission): message = "没有权限查看我,滚" def has_permission(self,request,view): if request.user.user_type == 3: return False return True
(2)settings.py全局配置权限
REST_FRAMEWORK = { ‘DEFAULT_AUTHENTICATION_CLASSES‘: [‘API.utils.auth.Authentication‘,], ‘DEFAULT_PERMISSION_CLASSES‘: [‘API.utils.permission.SVIPPermission‘], }
(3)views.py添加权限
#!/usr/bin/env python # coding:utf-8 from django.shortcuts import render,HttpResponse from django.http import JsonResponse from rest_framework.views import APIView from API import models from rest_framework.request import Request from rest_framework import exceptions from rest_framework.authentication import BasicAuthentication from API.utils.permission import SVIPPermission,MyPermission import hashlib import time def md5(user): ctime = str(time.time()) m = hashlib.md5(user) m.update(ctime) return m.hexdigest() class AuthView(APIView): authentication_classes = [] permission_classes = [] def post(self,request,*args,**kwargs): ret = {‘code‘: 1000,‘msg‘:None} try: user = request.POST.get(‘username‘) pwd = request.POST.get(‘password‘) print(user,pwd) obj = models.UserInfo.objects.filter(username=user,password=pwd).first() print(‘=============%s‘ %(obj)) if not obj: ret[‘code‘] = 1001 ret[‘msg‘] = ‘用户名或者密码错误‘ # 为用户创建token token = md5(user) # 存在就更新,不存在就创建 models.UserToken.objects.update_or_create(user=obj,defaults={‘token‘:token}) ret[‘token‘] = token except Exception as e: ret[‘code‘] = 1002 ret[‘msg‘] = ‘请求异常‘ # user = request._request.POST.get(‘username‘) # pwd = request._request.POST.get(‘password‘) # print(user,pwd) # obj = models.UserInfo.objects.filter(username=user,password=pwd).first() # print(‘=============%s‘ %(obj)) # if not obj: # ret[‘code‘] = 1001 # ret[‘msg‘] = ‘用户名或者密码错误‘ # # 为用户创建token # token = md5(user) # # 存在就更新,不存在就创建 # models.UserToken.objects.update_or_create(user=obj,defaults={‘token‘:token}) # ret[‘token‘] = token return JsonResponse(ret) ORDER_DICT = { 1: { ‘name‘: ‘apple‘, ‘price‘: 15, }, 2: { ‘name‘: ‘dog‘, ‘price‘: 100 } } # class Authentication(APIView): # """ # 认证类 # """ # def authenticate(self,request): # token = request._request.GET.get(‘token‘) # token_obj = models.UserToken.objects.filter(token=token).first() # if not token_obj: # raise exceptions.AuthenticationFailed(‘用户认证失败‘) # # 在rest framework内部会将这2个字段赋值给request,以供后续使用 # return (token_obj.user,token_obj) # # def authenticate_header(self,reqeust): # pass class OrderView(APIView): """订单相关业务""" # authentication_classes = [] # 添加认证 def get(self,request,*args,**kwargs): print(request.user) print(request.auth) # print(request.__dict__) ret = {‘code‘:1000,‘msg‘:None, ‘data‘: None} try: ret[‘data‘] = ORDER_DICT except Exception as e: pass return JsonResponse(ret) class UserInfoView(APIView): permission_classes = [MyPermission] def get(self,request,*args,**kwargs): print(request.user) return HttpResponse(‘用户信息‘)
urls.py
from django.conf.urls import url from django.contrib import admin from API import views urlpatterns = [ # url(r‘^admin/‘, admin.site.urls), url(r‘api/v1/auth‘, views.AuthView.as_view()), url(r‘api/v1/order‘, views.OrderView.as_view()), url(r‘api/v1/info‘, views.UserInfoView.as_view()), ]
API/utils/auth.py
#!/usr/bin/env python # coding:utf-8 from rest_framework import exceptions from API import models from rest_framework.authentication import BasicAuthentication class Authentication(BasicAuthentication): def authenticate(self,request): token = request._request.GET.get(‘token‘) token_obj = models.UserToken.objects.filter(token=token).first() if not token_obj: raise exceptions.AuthenticationFailed(‘认证失败‘) return (token_obj.user, token_obj) def authenticate_header(self, request): pass
(4)测试
先get我的token
先来看看有哪些人
看一下权限逻辑,确实如果user_type == 3的话,就是没权限,并且message 中定义了,让我滚了。
#!/usr/bin/env python # coding:utf-8 from rest_framework.permissions import BasePermission class SVIPPermission(BasePermission): message = "必须是SVIP才能访问,你权限太低,滚" def has_permission(self,request,view): # request.user 表示获取到 UserInfo 这个类的对象 if request.user.user_type != 3: return False return True class MyPermission(BasePermission): message = "没有权限查看我,滚" def has_permission(self,request,view): if request.user.user_type == 3: return False return True
再看看order信息吧
(1)dispatch
def dispatch(self, request, *args, **kwargs): """ `.dispatch()` is pretty much the same as Django‘s regular dispatch, but with extra hooks for startup, finalize, and exception handling. """ self.args = args self.kwargs = kwargs #对原始request进行加工,丰富了一些功能 #Request( # request, # parsers=self.get_parsers(), # authenticators=self.get_authenticators(), # negotiator=self.get_content_negotiator(), # parser_context=parser_context # ) #request(原始request,[BasicAuthentications对象,]) #获取原生request,request._request #获取认证类的对象,request.authticators #1.封装request request = self.initialize_request(request, *args, **kwargs) self.request = request self.headers = self.default_response_headers # deprecate? try: #2.认证 self.initial(request, *args, **kwargs) # Get the appropriate handler method if request.method.lower() in self.http_method_names: handler = getattr(self, request.method.lower(), self.http_method_not_allowed) else: handler = self.http_method_not_allowed response = handler(request, *args, **kwargs) except Exception as exc: response = self.handle_exception(exc) self.response = self.finalize_response(request, response, *args, **kwargs) return self.response
(2)initial
def initial(self, request, *args, **kwargs): """ Runs anything that needs to occur prior to calling the method handler. """ self.format_kwarg = self.get_format_suffix(**kwargs) # Perform content negotiation and store the accepted info on the request neg = self.perform_content_negotiation(request) request.accepted_renderer, request.accepted_media_type = neg # Determine the API version, if versioning is in use. version, scheme = self.determine_version(request, *args, **kwargs) request.version, request.versioning_scheme = version, scheme # Ensure that the incoming request is permitted #4.实现认证 self.perform_authentication(request) #5.权限判断 self.check_permissions(request) self.check_throttles(request)
(3)check_permissions
里面有个has_permission这个就是我们自己写的权限判断
def check_permissions(self, request): """ Check if the request should be permitted. Raises an appropriate exception if the request is not permitted. """ #[权限类的对象列表] for permission in self.get_permissions(): if not permission.has_permission(request, self): self.permission_denied( request, message=getattr(permission, ‘message‘, None) )
(4)get_permissions
def get_permissions(self): """ Instantiates and returns the list of permissions that this view requires. """ return [permission() for permission in self.permission_classes]
所以settings全局配置就如下
#全局 REST_FRAMEWORK = { "DEFAULT_PERMISSION_CLASSES":[‘API.utils.permission.SVIPPremission‘], }
django-rest-framework内置权限BasePermission
默认是没有限制权限
class BasePermission(object): """ A base class from which all permission classes should inherit. """ def has_permission(self, request, view): """ Return `True` if permission is granted, `False` otherwise. """ return True def has_object_permission(self, request, view, obj): """ Return `True` if permission is granted, `False` otherwise. """ return True
我们自己写的权限类,应该去继承BasePermission,修改之前写的permission.py文件
# utils/permission.py from rest_framework.permissions import BasePermission class SVIPPremission(BasePermission): message = "必须是SVIP才能访问" def has_permission(self,request,view): if request.user.user_type != 3: return False return True class MyPremission(BasePermission): def has_permission(self,request,view): if request.user.user_type == 3: return False return True
总结:
(1)使用
(2)返回值
(3)局部
(4)全局
REST_FRAMEWORK = { #权限 "DEFAULT_PERMISSION_CLASSES":[‘API.utils.permission.SVIPPremission‘], }
好了,权限这边还是so easy 的。
Django rest framework(2)----权限
标签:header response usr regular returns for 没有 code mit
原文地址:https://www.cnblogs.com/wanstack/p/9882742.html