Rest-framework之drf认证组件,权限组件
1.views视图层
from django.shortcuts import render from rest_framework.views import APIView from app01 import models from django.core.exceptions import ObjectDoesNotExist import hashlib import time from django.http import JsonResponse from app01 import MySerializer from rest_framework.request import Request from rest_framework import exceptions def get_token(name): md5 = hashlib.md5() # 生成一个MD5对象 # 往里添加值,必须是bytes格式 # time.time()生成时间戳类型,转成字符串,再encode转成bytes格式 md5.update(str(time.time()).encode('utf-8')) md5.update(name.encode('utf-8')) return md5.hexdigest() # 登录接口 class Login(APIView): authentication_classes = [] # 登录就是使用post,get是返回一个页面 def post(self, request, *args, **kwargs): response = {'status': 100, 'msg': '登录成功'} name = request.data.get('name') pwd = request.data.get('pwd') try: user = models.UserInfo.objects.get(name=name, pwd=pwd) # 校验通过,登陆成功,就生成一个随机字符串(身份标识),token token = get_token(name) # 保存到数据库 # user=user就是需要查询的数据,defaults里面:token就是需要修改或者新增的数据 models.UserToken.objects.update_or_create(user=user, defaults={'token': token}) # 登陆成功之后把登录返回给他,以后就带着token过来 response['token'] = token except ObjectDoesNotExist as e: response['status'] = 101 response['msg'] = '用户名或密码错误' except Exception as e: # 万能异常,里面只要出错,程序就会走到这里 response['status'] = 102 # response['msg'] = '未知错误' # 把整个错误信息转换成str类型,赋值给e,一般在测试时使用这个 response['msg'] = str(e) # 如果不写safe=False,只能序列化字典形式,如果字典里面又套了列表,或者直接是一个列表,就必须写safe=False return JsonResponse(response, safe=False) from app01.MyAuth import LoginAuth class Books(APIView): # 列表中类名不能加括号 authentication_classes = [LoginAuth, ] def get(self, request, *args, **kwargs): # 只要通过认证,就能取到当前登录用户对象的密码,id等信息 # print(request.query_params) # print(request.user.name) # print(request.user.pwd) response = {'status': 100, 'msg': '查询成功'} res = models.Book.objects.all() book_ser = MySerializer.BookSerializer(res, many=True) # 这个数据是需要返回给前台的 response['data'] = book_ser.data # print(book_ser.data) return JsonResponse(response, safe=False) # 需求:只能黄金会员才能查看作者详情,其他会员不能看 from app01.MyAuth import UserPermission class Authors(APIView): # permission_classes = [UserPermission,] # 局部禁用 permission_classes = [] def get(self, request, *args, **kwargs): response = {'status': 100, 'msg': '查询成功'} author_all = models.Author.objects.all() author_ser = MySerializer.AuthorSerializer(author_all, many=True) response['data'] = author_ser.data return JsonResponse(response, safe=False) class User(APIView): def get(self, request, *args, **kwargs): response = {'status': 100, 'msg': '查询成功'} user_all = models.UserInfo.objects.all() user_ser = MySerializer.UserSerializer(user_all, many=True) response['data'] = user_ser.data return JsonResponse(response, safe=False)
2.MyAuth.py-认证组件和权限组件
from app01 import models from rest_framework import exceptions from rest_framework.authentication import BaseAuthentication # 认证组件,使用drf的认证,我们需要写一个类 class LoginAuth(BaseAuthentication): # 函数名一定要叫authenticate,需要接收2个参数,第二个参数是request对象 def authenticate(self, request): # 从request对象中取出token(也可以从其他地方取) token = request.query_params.get('token') # 去数据库过滤,查询 ret = models.UserToken.objects.filter(token=token).first() if ret: # 能查到,说明认证通过,反回空 # ret.user就是当前登录用户对象 return ret.user, ret # 如果查不到,就抛出异常 raise exceptions.APIException('认证失败') #权限组件,谁有资格查看作者详情信息 class UserPermission(): # message是错误显示的中文 message = '您没有权限查看' def has_permission(self, request, view): user_type = request.user.user_type # print(user_type) # 取出用户类型对应的文字 # 固定用法:get_字段名_display() user_type_name = request.user.get_user_type_display() print(user_type_name) if user_type == 2: return True else: return False
3.MySerializer.py-序列化组件
from rest_framework import serializers from app01 import models class BookSerializer(serializers.ModelSerializer): class Meta: model = models.Book fields = '__all__' class AuthorSerializer(serializers.ModelSerializer): class Meta: model = models.Author fields = '__all__' class UserSerializer(serializers.ModelSerializer): class Meta: model = models.UserInfo fields = '__all__' user_type=serializers.CharField(source='get_user_type_display') # user_type = serializers.SerializerMethodField() # def get_user_type(self, obj): # return obj.get_user_type_display()
4.models层
from django.db import models # Create your models here. # 用户信息 class UserInfo(models.Model): name = models.CharField(max_length=32) pwd = models.CharField(max_length=32) # 写choice user_choice = ((0, '普通会员'), (1, '铂金会员'), (2, '黄金会员')) # 指定choice,可以快速的通过数字,取出文字 user_type = models.IntegerField(choices=user_choice,default=0) # 用户token class UserToken(models.Model): token = models.CharField(max_length=64) user = models.OneToOneField(to='UserInfo') class Book(models.Model): nid = models.AutoField(primary_key=True) name = models.CharField(max_length=32) price = models.DecimalField(max_digits=5, decimal_places=2) publish_date = models.DateField() publish = models.ForeignKey(to='Publish', to_field='nid', on_delete=models.CASCADE) # 删除关联数据,与之关联也删除 authors = models.ManyToManyField(to='Author') def __str__(self): return self.name class Author(models.Model): nid = models.AutoField(primary_key=True) name = models.CharField(max_length=32) age = models.IntegerField() author_detail = models.OneToOneField(to='AuthorDetail', to_field='nid', unique=True, on_delete=models.CASCADE) class AuthorDetail(models.Model): nid = models.AutoField(primary_key=True) telephone = models.BigIntegerField() birthday = models.DateField() addr = models.CharField(max_length=64) def __str__(self): return self.telephone class Publish(models.Model): nid = models.AutoField(primary_key=True) name = models.CharField(max_length=32) city = models.CharField(max_length=32) email = models.EmailField() def __str__(self): return self.name def test(self): return self.email
5.settings.py
全局使用认证和权限 REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ['app01.MyAuth.LoginAuth', ], 'DEFAULT_PERMISSION_CLASSES': ['app01.MyAuth.UserPermission', ] }
6.urls.py路由层
urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^login/', views.Login.as_view()), url(r'^books/', views.Books.as_view()), url(r'^authors/', views.Authors.as_view()), url(r'^users/', views.User.as_view()), ]