码迷,mamicode.com
首页 > 其他好文 > 详细

Django rest framework 权限操作(源码分析二)

时间:2018-11-09 22:04:54      阅读:269      评论:0      收藏:0      [点我收藏+]

标签:except   tin   错误提示   权限错误   format   void   The   span   .com   

知识回顾 

这一篇是基于上一篇写的,上一篇谢了认证的具体流程,看懂了上一篇这一篇才能看懂,

当用户访问是 首先执行dispatch函数,当执行当第二部时:

   #2.处理版本信息 处理认证信息 处理权限信息 对用户的访问频率进行限制
            self.initial(request, *args, **kwargs)

进入到initial方法:

技术分享图片
 def initial(self, request, *args, **kwargs):
        """
        Runs anything that needs to occur prior to calling the method handler.
        """
        self.format_kwarg = self.get_format_suffix(**kwargs)

        # Perform content negotiation and store the accepted info on the request
        neg = self.perform_content_negotiation(request)
        request.accepted_renderer, request.accepted_media_type = neg

        # Determine the API version, if versioning is in use.
        #2.1处理版本信息
        version, scheme = self.determine_version(request, *args, **kwargs)
        request.version, request.versioning_scheme = version, scheme

        # Ensure that the incoming request is permitted
        #2.2处理认证信息
        self.perform_authentication(request)
        #2.3处理权限信息
        self.check_permissions(request)
        #2.4对用户的访问频率进行限制
        self.check_throttles(request)
技术分享图片
 #2.3处理权限信息
        self.check_permissions(request)

下面 开始 权限的具体分析:

进入到check_permissions函数中

技术分享图片
 #检查权限
    def check_permissions(self, request):
        """
        Check if the request should be permitted.
        Raises an appropriate exception if the request is not permitted.
        """
        #elf.get_permissions()得到的是一个权限对象列表
        for permission in self.get_permissions():
            #在自定义的Permission中has_permission方法是必须要有的
            #判断当前has_permission返回的是True,False,还是抛出异常
            #如果是True则表示权限通过,False执行下面代码
            if not permission.has_permission(request, self):
                #为False的话则抛出异常,当然这个异常返回的提示信息是英文的,如果我们想让他显示我们自定义的提示信息
                #我们重写permission_denied方法即可
                self.permission_denied(
                    #从自定义的Permission类中获取message(权限错误提示信息),一般自定义的话都建议写上,如果没有则为默认的(英文提示)
                    request, message=getattr(permission, message, None)
                )
技术分享图片

查看permission_denied方法(如果has_permission返回True则不执行该方法)

技术分享图片
 def permission_denied(self, request, message=None):
        """
        If request is not permitted, determine what kind of exception to raise.
        """
        if request.authenticators and not request.successful_authenticator:
            #没有登录提示的错误信息
            raise exceptions.NotAuthenticated()
        #一般是登陆了但是没有权限提示
        raise exceptions.PermissionDenied(detail=message)
技术分享图片

 

举例:

技术分享图片
from django.db import models

# Create your models here.
class Userinfo(models.Model):
    name=models.CharField(max_length=32,verbose_name=用户名)
    pwd=models.CharField(max_length=32,verbose_name=密码)
    token=models.CharField(max_length=64,null=True)

    def __str__(self):
        return self.name
models
技术分享图片
urlpatterns = [
    url(r^p/, app02_views.Pview.as_view()),
    url(r^mp/, app02_views.Aview.as_view()),
    url(r^jp/, app02_views.Jview.as_view()),
]
urls
技术分享图片
from django.shortcuts import render
from rest_framework.views import APIView
from rest_framework.authentication import BaseAuthentication
from rest_framework.permissions import BasePermission
from rest_framework.response import Response
from rest_framework import exceptions


from app01 import models
# Create your views here.

class MyAuthentication(BaseAuthentication):

    def authenticate(self, request):
        token=request.query_params.get(token)
        user=models.Userinfo.objects.filter(token=token).first()
        if user:
            return (user.name,user)
        return None

class MyPermission(object):
    message = 登录才可以访问
    def has_permission(self,request, view):
        if request.user:
            return True
        return False

class AdminPermission(object):
    message = 会员才可以访问
    def has_permission(self,request,view):
        if request.user==ctz:
            return True
        return False

class Pview(APIView):
    ‘‘‘
    所有人都可以看
    ‘‘‘
    authentication_classes = [MyAuthentication,]
    permission_classes = []
    def get(self,request):
        return Response(图片列表)
    def post(self,request):
        pass




class Aview(APIView):
    ‘‘‘
    登录的人可以看
    ‘‘‘
    authentication_classes = [MyAuthentication,]
    permission_classes = [MyPermission,]
    def get(self,request):
        return Response(美国电影列表)
    def post(self,request):
        pass

    def permission_denied(self, request, message=None):
        """
        If request is not permitted, determine what kind of exception to raise.
        """

        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated(无权访问)
        raise exceptions.PermissionDenied(detail=message)

class Jview(APIView):
    ‘‘‘
    会员才可以看
    ‘‘‘
    authentication_classes = [MyAuthentication,]
    permission_classes = [MyPermission,AdminPermission,]
    def get(self,request):
        return Response(日本电影列表)
    def post(self,request):
        pass

    def permission_denied(self, request, message=None):
        """
        If request is not permitted, determine what kind of exception to raise.
        """

        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated(无权访问)
        raise exceptions.PermissionDenied(detail=message)
Views

上面的是局部的只能在当前类中可以用,如果想在全局中用:只需要在settings中配置即可:

技术分享图片
from django.shortcuts import render
from rest_framework.views import APIView
from rest_framework.authentication import BaseAuthentication
from rest_framework.permissions import BasePermission
from rest_framework.response import Response
from rest_framework import exceptions

from app02.utils import MyPermission
#
#
from app01 import models
# # Create your views here.
#
# class MyAuthentication(BaseAuthentication):
#
#     def authenticate(self, request):
#         token=request.query_params.get(‘token‘)
#         user=models.Userinfo.objects.filter(token=token).first()
#         if user:
#             return (user.name,user)
#         return None
#
# class MyPermission(object):
#     message = ‘登录才可以访问‘
#     def has_permission(self,request, view):
#         if request.user:
#             return True
#         return False
#
# class AdminPermission(object):
#     message = ‘会员才可以访问‘
#     def has_permission(self,request,view):
#         if request.user==‘ctz‘:
#             return True
#         return False

class Pview(APIView):
    ‘‘‘
    所有人都可以看
    ‘‘‘

    permission_classes = []
    def get(self,request):
        return Response(图片列表)
    def post(self,request):
        pass




class Aview(APIView):
    ‘‘‘
    登录的人可以看
    ‘‘‘
  #  authentication_classes = [MyAuthentication,]
    permission_classes = [MyPermission,]
    def get(self,request):
        return Response(美国电影列表)
    def post(self,request):
        pass

    def permission_denied(self, request, message=None):
        """
        If request is not permitted, determine what kind of exception to raise.
        """

        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated(无权访问)
        raise exceptions.PermissionDenied(detail=message)

class Jview(APIView):
    ‘‘‘
    会员才可以看
    ‘‘‘
    # authentication_classes = [MyAuthentication,]
    # permission_classes = [MyPermission,AdminPermission,]
    def get(self,request):
        return Response(日本电影列表)
    def post(self,request):
        pass

    def permission_denied(self, request, message=None):
        """
        If request is not permitted, determine what kind of exception to raise.
        """

        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated(无权访问)
        raise exceptions.PermissionDenied(detail=message)
Views
技术分享图片
from django.shortcuts import render

from rest_framework.authentication import BaseAuthentication
from rest_framework.permissions import BasePermission
from rest_framework.response import Response
from rest_framework import exceptions
from rest_framework.exceptions import APIException


from app01 import models
# Create your views here.

class MyAuthentication(BaseAuthentication):

    def authenticate(self, request):
        token=request.query_params.get(token)
        user=models.Userinfo.objects.filter(token=token).first()
        if user:
            return (user.name,user)
        return None

class MyPermission(object):
    message = 登录才可以访问
    def has_permission(self,request, view):
        if request.user:
            return True
        return False

class AdminPermission(object):
    message = 会员才可以访问
    def has_permission(self,request,view):
        if request.user==ctz:
            return True
        return False
utils
技术分享图片
REST_FRAMEWORK = {
    UNAUTHENTICATED_USER: None,
    UNAUTHENTICATED_TOKEN: None,
    "DEFAULT_AUTHENTICATION_CLASSES": [
      # "app01.utils.MyAuthentication",
        "app02.utils.MyAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES":[
       "app02.utils.MyPermission",
       "app02.utils.AdminPermission",
    ],
}
settings

 

Django rest framework 权限操作(源码分析二)

标签:except   tin   错误提示   权限错误   format   void   The   span   .com   

原文地址:https://www.cnblogs.com/mjc69213/p/9937349.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!