• 【1127 | Day67】权限组件的局部配置和全局配置(源码分析)


    一、局部配置权限组件

    1、一个请求过来,首先进入urls.py文件

    url(r'^book_cbv/', views.Book_cbv.as_view(),name="test3"),
    

    2、进入Book_cbv这个类,寻找as_view方法,这个类是我们自己的定义的,我们根本就没有写as_view方法

    class Book_cbv(APIView):
     
        def get(self,request):
            query_list = models.Book.objects.all()
            # bs = book_serializers(query_list,many=True)
            bs = bookmodelserializer(query_list,many=True,context={'request': request})
     
     
            return Response(bs.data)
        def post(self,request):
            bs = bookmodelserializer(data=request.data)
            print(request.data)
            if bs.is_valid():
                print(bs.validated_data)
                bs.save()
                return Response(bs.data)
            else:
                return Response(bs.errors)
    

    3、进入父类寻找as_view方法,父类为APIView,父类的as_view方法实际是执行APIView类的父类的view方法

    @classmethod
    def as_view(cls, **initkwargs):
        """
        Store the original class on the view function.
     
        This allows us to discover information about the view when we do URL
        reverse lookups.  Used for breadcrumb generation.
        """
        if isinstance(getattr(cls, 'queryset', None), models.query.QuerySet):
            def force_evaluation():
                raise RuntimeError(
                    'Do not evaluate the `.queryset` attribute directly, '
                    'as the result will be cached and reused between requests. '
                    'Use `.all()` or call `.get_queryset()` instead.'
                )
            cls.queryset._fetch_all = force_evaluation
     
        view = super(APIView, cls).as_view(**initkwargs)
        view.cls = cls
        view.initkwargs = initkwargs
    

    4、进入APIView类的父类View类,看下as_view方法干了什么,实际执行View类的as_view方法,就是执行APIView类的dispatch方法

    @classonlymethod
     def as_view(cls, **initkwargs):
         """
         Main entry point for a request-response process.
         """
         for key in initkwargs:
             if key in cls.http_method_names:
                 raise TypeError("You tried to pass in the %s method name as a "
                                 "keyword argument to %s(). Don't do that."
                                 % (key, cls.__name__))
             if not hasattr(cls, key):
                 raise TypeError("%s() received an invalid keyword %r. as_view "
                                 "only accepts arguments that are already "
                                 "attributes of the class." % (cls.__name__, key))
     
         def view(request, *args, **kwargs):
             self = cls(**initkwargs)
             if hasattr(self, 'get') and not hasattr(self, 'head'):
                 self.head = self.get
             self.request = request
             self.args = args
             self.kwargs = kwargs
             return self.dispatch(request, *args, **kwargs)
         view.view_class = cls
         view.view_initkwargs = initkwargs
     
         # take name and docstring from class
         update_wrapper(view, cls, updated=())
     
         # and possible attributes set by decorators
         # like csrf_exempt from dispatch
         update_wrapper(view, cls.dispatch, assigned=())
         return view
    

    5、进入APIView类的dispatch方法,其实,我们这里需要关注的是initial方法

    def dispatch(self, request, *args, **kwargs):
        """
        `.dispatch()` is pretty much the same as Django's regular dispatch,
        but with extra hooks for startup, finalize, and exception handling.
        """
        self.args = args
        self.kwargs = kwargs
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?
     
        try:
            self.initial(request, *args, **kwargs)
     
            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed
     
            response = handler(request, *args, **kwargs)
     
        except Exception as exc:
            response = self.handle_exception(exc)
     
        self.response = self.finalize_response(request, response, *args, **kwargs)
        return self.response
    

    6、进入initial方法,这里就到了我们的权限组件check_permissions

    def initial(self, request, *args, **kwargs):
        """
        Runs anything that needs to occur prior to calling the method handler.
        """
        self.format_kwarg = self.get_format_suffix(**kwargs)
     
        # Perform content negotiation and store the accepted info on the request
        neg = self.perform_content_negotiation(request)
        request.accepted_renderer, request.accepted_media_type = neg
     
        # Determine the API version, if versioning is in use.
        version, scheme = self.determine_version(request, *args, **kwargs)
        request.version, request.versioning_scheme = version, scheme
     
        # Ensure that the incoming request is permitted
        self.perform_authentication(request)
        self.check_permissions(request)
        self.check_throttles(request)
    

    7、进入check_permissions方法,这里需要重点看下self.get_permissions

    这个方法干了什么,知道这个方法了什么,我们在回到这个这个方法往下看

    def check_permissions(self, request):
        """
        Check if the request should be permitted.
        Raises an appropriate exception if the request is not permitted.
        """
        for permission in self.get_permissions():
            if not permission.has_permission(request, self):
                self.permission_denied(
                    request, message=getattr(permission, 'message', None)
                )
    

    8、进入self.get_permissions方法,这里是不是很熟悉,和我们前面讲的认证组件是不是很类似?

    我们需要在我们自己的配置的视图类中定义个permission_classes的列表,而这个列表的内容是就是每个控制权限的类的实例对象

    def get_permissions(self):
        """
        Instantiates and returns the list of permissions that this view requires.
        """
        return [permission() for permission in self.permission_classes]
    

    9、下面在回到步骤7,往下看,就知道我们该如何配置这个权限类

    img

    10、下面我们就按照上面的分析定义我们自己的权限类

    具体什么逻辑为权限允许,就是我们自己设置了

    class SVIPpermission(object):
        message = "只有超级用户才能访问"
        def has_permission(self,request,view):
            user_name = request.user
            user_type = models.User.objects.filter(name=user_name).first().user_type
            if user_type == 1:
                return True
            else:
                return False
    

    在视图类中使用权限类

    img

    二、全局配置权限组件

    1、确定默认的权限控制的类的名称

    img

    2、把我们的权限控制的类放在一个单独文件中

    img

    3、进入settings中配置

    REST_FRAMEWORK = {
        "DEFAULT_AUTHENTICATION_CLASSES":(
            "app1.utils.Book_auther",
        ),
        "DEFAULT_PERMISSION_CLASSES_CLASSES": (
            "app1.utils.SVIPpermission",
        )
    }
    

    img

  • 相关阅读:
    【C++】Debugging Segmentation Faults
    Ubuntu硬盘挂载
    基于C++11以及17实现线程池【如何设置线程池大小】
    Ubuntu快速删除大量文件的思路
    基于systemback的Ubuntu系统镜像备份和安装方案
    【Vue项目实践】创建一个 electron+vue3 的项目
    【Vue项目实践】套用github 上的项目(vue3 + Element Plus)运行 可编辑表格
    在vscode中使用博客园插件
    【rtsp】视频流
    【Vue项目实践】采用 iview 快速开始
  • 原文地址:https://www.cnblogs.com/fxyadela/p/11941771.html
Copyright © 2020-2023  润新知