从FBV到CBV三(权限)
用户组(group) | |
id | group_name |
1 | usual |
2 | vip |
3 | svip |
4 | admin |
用户(user) | |||
id | username | password | group_id |
1 | Joshua | 123 | 1 |
2 | William | 123 | 2 |
3 | Daniel | 123 | 3 |
4 | Michael | 123 | 4 |
# -*- coding:utf-8 -*-
from django.db import models
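class Group(models.Model):
    """User group referenced by ``User``.

    The sample data on this page uses the names ``usual``, ``vip``,
    ``svip`` and ``admin``.
    """

    id = models.AutoField(primary_key=True)
    group_name = models.CharField(max_length=40)

    class Meta:
        # Explicit table name; the typographic quotes in the scraped listing
        # were not valid Python and are restored to plain quotes here.
        db_table = 'group'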
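class User(models.Model):
    """Application user with a login name, a password and a group.

    The typographic quotes of the scraped listing are restored to plain
    quotes; the fields themselves are unchanged.
    """

    id = models.AutoField(primary_key=True)
    username = models.CharField(max_length=40, unique=True)
    # NOTE(security): this column holds whatever string is written to it; the
    # sample rows on this page store "123" in clear text. Store a salted hash
    # instead (django.contrib.auth.hashers.make_password / check_password),
    # which also needs more than 40 characters, or use Django's built-in
    # auth user model.
    password = models.CharField(max_length=40)
    # Because the field itself is named ``group_id``, the related Group object
    # is reached as ``user.group_id`` and the raw key as ``user.group_id_id``;
    # there is no ``user.group`` attribute.
    # NOTE(review): ``on_delete`` is omitted as in the original; it is
    # mandatory from Django 2.0 on.
    group_id = models.ForeignKey(Group, default=1)

    class Meta:
        db_table = 'user'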
from django.http.response import JsonResponse
from rest_framework.views import APIView
from permissions.models import User, Group
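class Users(APIView):
    """Return every user as a JSON list.

    The view declares no ``authentication_classes`` or ``permission_classes``,
    so the project-wide DRF defaults decide who may call it.
    """

    def get(self, request):
        # A bare ``.values()`` serialises every column, including
        # ``password``. List the exposed columns explicitly so credentials
        # never leave the database; ``group_id_id`` is the key a bare
        # ``.values()`` uses for the foreign key, so the other keys of the
        # response are unchanged.
        users = User.objects.values('id', 'username', 'group_id_id')
        # safe=False is required because the top-level payload is a list.
        return JsonResponse(list(users), safe=False)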
class Groups(APIView):
    """Return every group row as a JSON list."""

    def get(self, request):
        # Materialise the queryset of dicts before serialising; the payload is
        # a list, hence safe=False.
        rows = list(Group.objects.values())
        return JsonResponse(rows, safe=False)
from django.conf.urls import url
from django.contrib import admin
from permissions.views import Users, Groups
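# Route table: the Django admin plus the two list endpoints.
# The typographic quotes of the scraped listing are restored to plain quotes
# so the module parses.
urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^user/$', Users.as_view(), name='user'),
    url(r'^group/$', Groups.as_view(), name='group'),
]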
会员项目(member_programs) | |
id | program_name |
1 | 书法长卷 |
2 | 书法碑帖 |
3 | 墓志塔铭 |
4 | 兰亭集序 |
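class MemberProgram(models.Model):
    """A members-only programme, identified by its display name."""

    id = models.AutoField(primary_key=True)
    program_name = models.CharField(max_length=100)

    class Meta:
        # Plain quotes restored; the scraped listing's typographic quotes
        # were a syntax error.
        db_table = 'member_program'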
from django.conf.urls import url
from permissions.views import Users, Groups, MemberPrograms
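# Route table extended with the member-programme endpoint.
# Plain quotes restored so the module parses.
urlpatterns = [
    url(r'^user/$', Users.as_view(), name='user'),
    url(r'^group/$', Groups.as_view(), name='group'),
    url(r'^program/$', MemberPrograms.as_view(), name='program'),
]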
class MemberPrograms(APIView):
    """Return every member programme as a JSON list.

    This first version declares no authentication or permission classes on
    the view, so it does not restrict callers by group.
    """

    def get(self, request):
        rows = list(MemberProgram.objects.values())
        # The payload is a list, so JsonResponse needs safe=False.
        return JsonResponse(rows, safe=False)
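class MyAuthentication(BaseAuthentication):
    """Demo authenticator: takes the caller's identity from ``?username=``.

    NOTE(security): nothing here proves the caller owns the name. No
    password, token or session is checked, so the value is only a *claim*.
    Any permission check built on ``request.user`` from this class can be
    satisfied by supplying another user's name. Treat it as a teaching stub;
    a real deployment needs a verified credential (for example DRF's session
    or token authentication).
    """

    def authenticate(self, request):
        # ``query_params`` is DRF's public accessor for the same QueryDict
        # the original reached through the private ``request._request.GET``.
        name = request.query_params.get('username')
        print(name)  # debug output kept from the original
        # DRF assigns the tuple to (request.user, request.auth). When the
        # parameter is absent ``name`` is None, so ``request.user`` is None.
        return (name, None)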
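class MemberPrograms(APIView):
    """List member programmes for callers whose group is not ``usual``.

    Identity comes from ``MyAuthentication``, i.e. from an unverified
    ``username`` query parameter, so this check restricts honest clients only.
    """

    authentication_classes = [MyAuthentication, ]

    def get(self, request):
        if not request.user:  # no identity supplied: refuse access
            ret = {'code': 1002, 'error': '权限被拒'}
            # NOTE(review): the refusal is sent with JsonResponse's default
            # status (200); clients must inspect ``code`` to notice it.
            return JsonResponse(ret)
        username = request.user
        try:
            # The foreign key on User is named ``group_id``, so the related
            # Group is ``user.group_id``; the original ``.group`` attribute
            # does not exist on that model and raised AttributeError.
            group_name = User.objects.get(username=username).group_id.group_name
        except User.DoesNotExist:  # claimed user is unknown: return an error
            ret = {'code': 1003, 'error': '用户不存在'}
            return JsonResponse(ret)
        # NOTE(review): this is a deny-list. Every group other than 'usual',
        # including any group added later, is granted access.
        if group_name == 'usual':  # ordinary user: not entitled
            ret = {'code': 1002, 'error': '权限被拒'}
            return JsonResponse(ret)
        # Group check passed: return the programme list.
        programs = MemberProgram.objects.all().values()
        return JsonResponse(list(programs), safe=False)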
from rest_framework.authentication import BaseAuthentication
from rest_framework.permissions import BasePermission
from rest_framework.exceptions import PermissionDenied
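class MyAuthentication(BaseAuthentication):
    """Demo authenticator: takes the caller's identity from ``?username=``.

    The listing's ``lass`` keyword and typographic quotes are repaired so the
    class parses.

    NOTE(security): the name is an unverified claim. No password, token or
    session is checked, so a permission class that relies on ``request.user``
    from here can be satisfied by supplying another user's name. Use a
    verified credential (for example DRF's session or token authentication)
    outside of a demo.
    """

    def authenticate(self, request):
        # ``query_params`` is DRF's public accessor for the same QueryDict
        # the original reached through the private ``request._request.GET``.
        name = request.query_params.get('username')
        print(name)  # debug output kept from the original
        # DRF assigns the tuple to (request.user, request.auth); a missing
        # parameter yields request.user = None.
        return (name, None)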
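class MyPermission(BasePermission):
    """Allow a request only when the claimed user exists and is not ``usual``.

    Raises:
        PermissionDenied: no identity was supplied, the user is unknown, or
            the user's group is ``usual``.
    """

    def has_permission(self, request, view):
        if not request.user:
            raise PermissionDenied('权限被拒')
        username = request.user
        try:
            # User's foreign key is named ``group_id``; the related Group is
            # therefore ``user.group_id``. The original ``.group`` attribute
            # does not exist on that model and raised AttributeError.
            group_name = User.objects.get(username=username).group_id.group_name
        except User.DoesNotExist:
            # NOTE(review): this message differs from the other refusals, so
            # a caller can tell whether a username exists.
            raise PermissionDenied('用户不存在')
        # NOTE(review): deny-list check. Any group other than 'usual',
        # including groups added later, passes.
        if group_name == 'usual':
            raise PermissionDenied('权限被拒')
        return True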
class MemberPrograms(APIView):
    """Return every member programme as a JSON list.

    Access control is delegated to the classes listed below; ``get`` itself
    performs no checks.
    """

    authentication_classes = [MyAuthentication]
    permission_classes = [MyPermission]

    def get(self, request):
        rows = list(MemberProgram.objects.values())
        # The payload is a list, so JsonResponse needs safe=False.
        return JsonResponse(rows, safe=False)
原文:https://www.cnblogs.com/wangbaojun/p/10994310.html