• django rest framework之权限的源码流程剖析


    视图类:

     1 class UserViewset(BaseView):
     2     '''
     3         create:
     4         创建用户
     5         retrieve:
     6 
     7     '''
     8     queryset = User.objects.all()
     9     authentication_classes = (JSONWebTokenAuthentication, authentication.SessionAuthentication)
    10     def get_serializer_class(self):
    11         self.dispatch
    12         if self.action == "retrieve":
    13             return UserDetailSerializer
    14         elif self.action == "create":
    15             return UserRegSerializer
    16 
    17         return UserDetailSerializer
    18 
    19     def get_permissions(self):  #添加权限类(根据用户请求方法不同设置不同的权限类)
    20         if self.action == "retrieve":
    21             return [permissions.IsAuthenticated()]
    22         elif self.action == "create":
    23             return []
    24 
    25         return []
    26 
    27     def create(self, request, *args, **kwargs):
    28         serializer = self.get_serializer(data=request.data)
    29         serializer.is_valid(raise_exception=True)
    30         user = self.perform_create(serializer)
    31         re_dict = serializer.data
    32         payload = jwt_payload_handler(user)
    33         re_dict["token"] = jwt_encode_handler(payload)
    34         re_dict["name"] = user.name if user.name else user.username
    35 
    36         headers = self.get_success_headers(serializer.data)
    37         return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
    38 
    39     def get_object(self):
    40         return self.request.user
    41 
    42     def perform_create(self, serializer):
    43         return serializer.save()

    通认证的流程一样都在dispatch中调用initial函数

     1     def initial(self, request, *args, **kwargs):
     2         """
     3         Runs anything that needs to occur prior to calling the method handler.
     4         """
     5         self.format_kwarg = self.get_format_suffix(**kwargs)
     6 
     7         # Perform content negotiation and store the accepted info on the request
     8         neg = self.perform_content_negotiation(request)
     9         request.accepted_renderer, request.accepted_media_type = neg
    10 
    11         # Determine the API version, if versioning is in use.
    12         version, scheme = self.determine_version(request, *args, **kwargs)
    13         request.version, request.versioning_scheme = version, scheme
    14 
    15         # Ensure that the incoming request is permitted
    16         self.perform_authentication(request)
    17         self.check_permissions(request) #检查权限
    18         self.check_throttles(request)

    在check_permissions函数:

     1     def check_permissions(self, request):
     2         """
     3         Check if the request should be permitted.
     4         Raises an appropriate exception if the request is not permitted.
     5         """
     6         for permission in self.get_permissions():  #循环在视图类中添加的权限类
     7             if not permission.has_permission(request, self): #调用权限类的has_permission方法进行验证
     8            self.permission_denied(  9 request, message=getattr(permission, 'message', None) 10 ) #认证失败就返回响应

    我自定义的权限类:

     1 class IsOwnerOrReadOnly(permissions.BasePermission):
     2     """
     3     Custom permission to only allow owners of an object to edit it.
     4     """
     5 
     6     def has_object_permission(self, request, view, obj):
     7         # Read permissions are allowed to any request,
     8         # so we'll always allow GET, HEAD or OPTIONS requests.
     9         if request.method in permissions.SAFE_METHODS:
    10             return True
    11 
    12         # Write permissions are only allowed to the owner of the snippet.
    13 
    14         return 'permission' in self.get_user_permissions(request)
    15 
    16 
    17     def get_user_permissions(self,request):
    18         group_list = request.user.groups.all()
    19         permissions = []
    20         for group in group_list:
    21             for permission in group.permissions:
    22                 permissions.append(permission.name)
    23         return permissions
  • 相关阅读:
    I/O FileInputStream 字节类型文件输入输出流 (汉字显示乱码)
    Date 获取日期 SimpleDateFormat
    Random 随机生成数
    String StringBuffer Arrays 字符串修改 拼接
    Math
    装箱 拆箱Integer .ValueOf()
    LinkedListTest
    springboot cache
    耀眼的明星--项羽
    耀眼的明星--百年虚云
  • 原文地址:https://www.cnblogs.com/arrow-kejin/p/9988182.html
Copyright © 2020-2023  润新知