认证组件:
models
class User(models.Model):
    """Account record: login name, password and membership tier.

    NOTE(review): a 32-character column cannot hold a salted password hash,
    so ``password`` presumably stores the value as plaintext - confirm. If so,
    store the output of django.contrib.auth.hashers.make_password instead
    (Django's own user model sizes that column at 128) and verify logins with
    check_password rather than by column equality.
    """

    # Membership tiers: the integer is stored, the label is what
    # get_user_type_display() returns.
    user_type_entry = ((1, "Delux"), (2, "SVIP"), (3, "VVIP"))

    username = models.CharField(max_length=32)
    password = models.CharField(max_length=32)
    user_type = models.IntegerField(choices=user_type_entry)

    def __str__(self):
        return self.username


class UserToken(models.Model):
    """Access token bound one-to-one to a user; removed when the user is deleted.

    NOTE(review): the token is kept exactly as issued and the model has no
    creation or expiry column, so a token stays valid until it is overwritten.
    Consider storing only a digest of the token and adding an expiry.
    """

    user = models.OneToOneField(to="User", on_delete=models.CASCADE)
    token = models.CharField(max_length=128)
写一个认证类
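from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import APIException, AuthenticationFailed

from app01.models import UserToken


class UserAuth(BaseAuthentication):
    """Authenticate a request by looking up its ``token`` query parameter.

    NOTE(review): a credential carried in the URL ends up in access logs,
    browser history and Referer headers. Prefer reading it from the
    ``Authorization`` header, and give tokens a lifetime; neither is done here.
    """

    # All authentication logic lives in authenticate().
    def authenticate(self, request):
        """Return ``(user, token)`` for a known token.

        Raises:
            AuthenticationFailed: the token is missing or matches no
                UserToken row. It subclasses APIException, so existing
                handlers still catch it, but DRF reports it as an
                authentication error instead of APIException's default 500.
        """
        user_token = request.GET.get("token")
        # A missing or empty token can never match: reject it before querying.
        if not user_token:
            raise AuthenticationFailed("没有认证!")

        token = UserToken.objects.filter(token=user_token).first()
        if token is None:
            raise AuthenticationFailed("没有认证!")
        return token.user, token.token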
views中
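class UserView(APIView):
    """Login endpoint: exchanges a username/password pair for an access token."""

    def post(self, request):
        """Check the submitted credentials and issue (or rotate) the user's token.

        The result is reported inside the body: ``status_code`` 200 with
        ``access_token`` and ``user_role`` on success, ``status_code`` 201 with
        an error message otherwise. The HTTP status itself is left at the
        Response default.
        """
        # Payload returned to the client.
        response = dict()
        # Credentials the client must supply.
        fields = {"username", "password"}

        # Fail closed: the lookup runs only when both credentials are present.
        # An empty filter() matches every row, so .first() would otherwise
        # hand back an arbitrary account.
        if fields.issubset(request.data.keys()):
            user_info = {key: request.data[key] for key in fields}
            # NOTE(review): matching the password by column equality only works
            # if it is stored unhashed - look the user up by username and
            # verify with check_password() against a stored hash instead.
            user_obj = User.objects.filter(**user_info).first()
        else:
            user_obj = None

        if user_obj:
            # NOTE(review): get_random_str is defined outside this view;
            # confirm it draws from a CSPRNG (e.g. the secrets module).
            access_token = get_random_str()
            # One token row per user: a new login replaces the previous token.
            UserToken.objects.update_or_create(
                user=user_obj,
                defaults={"token": access_token},
            )

            response["status_code"] = 200
            response["status_message"] = "登录成功"
            response["access_token"] = access_token
            response["user_role"] = user_obj.get_user_type_display()
        else:
            # Same answer for missing fields, unknown user and wrong password,
            # so the reply does not reveal which check failed.
            response["status_code"] = 201
            response["status_message"] = "登录失败,用户名或密码错误"

        return Response(response)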
权限类
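from rest_framework.permissions import BasePermission


class UserPerm(BasePermission):
    """Grant access only to users whose ``user_type`` is 3."""

    # Detail text DRF returns when has_permission() denies the request.
    message = "您没有查看数据的权限!"

    def has_permission(self, request, view):
        """Return True only when ``request.user.user_type`` equals 3.

        ``request.user`` may be an anonymous user or None when this class is
        used on a view without a matching authentication class; neither has a
        ``user_type``, so getattr() turns that case into a denial instead of
        an AttributeError (a 500).
        """
        # 3 is the value labelled "VVIP" in User.user_type_entry.
        return getattr(request.user, "user_type", None) == 3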
在需要认证和权限的视图类中加入
class BookView(ModelViewSet):
    """Book endpoints guarded by token authentication and the UserPerm check."""

    # What is served and how it is serialized.
    queryset = Book.objects.all()
    serializer_class = BookSerializer

    # Per-view authentication and permission classes. They apply to every
    # action the viewset exposes, writes included, not only to reads.
    authentication_classes = [UserAuth]
    permission_classes = [UserPerm]