• django rest framework之权限的源码流程剖析


    视图类:

     1 class UserViewset(BaseView):
     2     '''
     3         create:
     4         创建用户
     5         retrieve:
     6 
     7     '''
     8     queryset = User.objects.all()
     9     authentication_classes = (JSONWebTokenAuthentication, authentication.SessionAuthentication)
    10     def get_serializer_class(self):
    11         self.dispatch
    12         if self.action == "retrieve":
    13             return UserDetailSerializer
    14         elif self.action == "create":
    15             return UserRegSerializer
    16 
    17         return UserDetailSerializer
    18 
    19     def get_permissions(self):  #添加权限类(根据用户请求方法不同设置不同的权限类)
    20         if self.action == "retrieve":
    21             return [permissions.IsAuthenticated()]
    22         elif self.action == "create":
    23             return []
    24 
    25         return []
    26 
    27     def create(self, request, *args, **kwargs):
    28         serializer = self.get_serializer(data=request.data)
    29         serializer.is_valid(raise_exception=True)
    30         user = self.perform_create(serializer)
    31         re_dict = serializer.data
    32         payload = jwt_payload_handler(user)
    33         re_dict["token"] = jwt_encode_handler(payload)
    34         re_dict["name"] = user.name if user.name else user.username
    35 
    36         headers = self.get_success_headers(serializer.data)
    37         return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
    38 
    39     def get_object(self):
    40         return self.request.user
    41 
    42     def perform_create(self, serializer):
    43         return serializer.save()

    通认证的流程一样都在dispatch中调用initial函数

     1     def initial(self, request, *args, **kwargs):
     2         """
     3         Runs anything that needs to occur prior to calling the method handler.
     4         """
     5         self.format_kwarg = self.get_format_suffix(**kwargs)
     6 
     7         # Perform content negotiation and store the accepted info on the request
     8         neg = self.perform_content_negotiation(request)
     9         request.accepted_renderer, request.accepted_media_type = neg
    10 
    11         # Determine the API version, if versioning is in use.
    12         version, scheme = self.determine_version(request, *args, **kwargs)
    13         request.version, request.versioning_scheme = version, scheme
    14 
    15         # Ensure that the incoming request is permitted
    16         self.perform_authentication(request)
    17         self.check_permissions(request) #检查权限
    18         self.check_throttles(request)

    在check_permissions函数:

     1     def check_permissions(self, request):
     2         """
     3         Check if the request should be permitted.
     4         Raises an appropriate exception if the request is not permitted.
     5         """
     6         for permission in self.get_permissions():  #循环在视图类中添加的权限类
     7             if not permission.has_permission(request, self): #调用权限类的has_permission方法进行验证
     8            self.permission_denied(  9 request, message=getattr(permission, 'message', None) 10 ) #认证失败就返回响应

    我自定义的权限类:

     1 class IsOwnerOrReadOnly(permissions.BasePermission):
     2     """
     3     Custom permission to only allow owners of an object to edit it.
     4     """
     5 
     6     def has_object_permission(self, request, view, obj):
     7         # Read permissions are allowed to any request,
     8         # so we'll always allow GET, HEAD or OPTIONS requests.
     9         if request.method in permissions.SAFE_METHODS:
    10             return True
    11 
    12         # Write permissions are only allowed to the owner of the snippet.
    13 
    14         return 'permission' in self.get_user_permissions(request)
    15 
    16 
    17     def get_user_permissions(self,request):
    18         group_list = request.user.groups.all()
    19         permissions = []
    20         for group in group_list:
    21             for permission in group.permissions:
    22                 permissions.append(permission.name)
    23         return permissions
  • 相关阅读:
    hdu2328 Corporate Identity
    hdu1238 Substrings
    hdu4300 Clairewd’s message
    hdu3336 Count the string
    hdu2597 Simpsons’ Hidden Talents
    poj3080 Blue Jeans
    poj2752 Seek the Name, Seek the Fame
    poj2406 Power Strings
    hust1010 The Minimum Length
    hdu1358 Period
  • 原文地址:https://www.cnblogs.com/arrow-kejin/p/9988182.html
Copyright © 2020-2023  润新知