drf权限组件
(1)model层
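class UserInfo(models.Model):
    """Application user: a name, a role stored in ``user_type``, and a password field."""

    name = models.CharField(max_length=32)
    # Role choices: the integer is what gets stored, the text is its label.
    user_choice = ((0, '普通用户'), (1, '会员'), (2, '超级用户'))
    # Declaring choices lets the stored number be mapped back to its label
    # quickly (see get_user_type_display()).
    user_type = models.IntegerField(choices=user_choice, default=0)
    # NOTE(review): how pwd is written is not shown on this page. Store only a
    # salted hash (django.contrib.auth.hashers.make_password / check_password),
    # never the raw password. max_length=32 is too short for Django's hasher
    # output, so the column would have to be widened for that.
    pwd = models.CharField(max_length=32)


class UserToken(models.Model):
    """Login token, one row per user."""

    # NOTE(review): token generation is not shown here. The value is a bearer
    # credential, so it should come from the ``secrets`` module; consider
    # storing only a hash of it and giving it an expiry.
    token = models.CharField(max_length=64)
    # on_delete is a required argument since Django 2.0; CASCADE matches the
    # other relations in this file and removes the token with its user.
    user = models.OneToOneField(to=UserInfo, on_delete=models.CASCADE)


class Book(models.Model):
    """A book with one publisher and any number of authors."""

    nid = models.AutoField(primary_key=True)
    name = models.CharField(max_length=32)
    price = models.DecimalField(max_digits=5, decimal_places=2)
    publish_date = models.DateField()
    publish = models.ForeignKey(to='Publish', to_field='nid', on_delete=models.CASCADE)
    authors = models.ManyToManyField(to='Author')

    def __str__(self):
        return self.name


class Author(models.Model):
    """An author, linked one-to-one to an AuthorDatail row."""

    nid = models.AutoField(primary_key=True)
    name = models.CharField(max_length=32)
    age = models.IntegerField()
    author_detail = models.OneToOneField(to='AuthorDatail', to_field='nid', unique=True, on_delete=models.CASCADE)


class AuthorDatail(models.Model):
    """Contact details of an author (telephone, birthday, address)."""

    nid = models.AutoField(primary_key=True)
    telephone = models.BigIntegerField()
    birthday = models.DateField()
    addr = models.CharField(max_length=64)


class Publish(models.Model):
    """A publisher."""

    nid = models.AutoField(primary_key=True)
    name = models.CharField(max_length=32)
    city = models.CharField(max_length=32)
    email = models.EmailField()

    def __str__(self):
        return self.name

    def test(self):
        """Return the publisher's email address."""
        return self.email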
(2)新建权限类
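from rest_framework.permissions import BasePermission


class UserPermission(BasePermission):
    """Grant access only when the requesting user is a super user (user_type == 2)."""

    # message is the text shown to the client when permission is denied.
    message = '您没有权限查看'

    def has_permission(self, request, view):
        """Return True only for a user whose ``user_type`` is 2.

        Any other user, and any request whose ``request.user`` carries no
        ``user_type`` at all, is denied.
        """
        # Fixed idiom for a choices field: get_<field name>_display() returns
        # the label of the stored value, e.g.
        # request.user.get_user_type_display(). It is not needed for the
        # decision, and the role is no longer printed on every request.
        #
        # When the request was not authenticated, request.user is not a
        # UserInfo (DRF's default is AnonymousUser) and has no user_type;
        # reading the attribute directly would raise AttributeError and end in
        # a 500. getattr() with a default makes the check fail closed instead.
        return getattr(request.user, 'user_type', None) == 2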
(3)view层
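# Requirement: only super users may view author details; nobody else may.
from app01.MyAuth import UserPermission


class Authors(APIView):
    """List all authors; access is restricted to super users by UserPermission."""

    # Per-view use: this is what enforces the requirement stated above.
    permission_classes = [UserPermission]
    # Per-view disable: an empty list switches off every permission check for
    # this view, including the global default, so any caller gets the data.
    # Use it only on endpoints that are meant to be public.
    # permission_classes = []

    def get(self, request, *args, **kwargs):
        """Return every Author, serialized, under the 'data' key."""
        response = {'status': 100, 'msg': '查询成功'}
        ret = models.Author.objects.all()
        ser = MySerializer.AuthorSerializer(ret, many=True)
        response['data'] = ser.data
        return JsonResponse(response, safe=False)


# Global use: configure it in the project's settings module.
# A view that sets its own permission_classes (including []) overrides this
# default.
#
# REST_FRAMEWORK = {
#     'DEFAULT_PERMISSION_CLASSES': ['app01.MyAuth.UserPermission'],
# }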
choice显示中文:
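from rest_framework import serializers
from app01 import models


class BookSerializer(serializers.ModelSerializer):
    """Serialize every field of Book."""

    class Meta:
        model = models.Book
        fields = '__all__'


class AuthorSerializer(serializers.ModelSerializer):
    """Serialize every field of Author."""

    class Meta:
        model = models.Author
        fields = '__all__'


class UserSer(serializers.ModelSerializer):
    """Serialize a UserInfo with ``user_type`` rendered as its choice label."""

    class Meta:
        model = models.UserInfo
        # '__all__' would also serialize UserInfo.pwd and accept it on input.
        # List the exposed fields explicitly so the password column, and any
        # sensitive field added to the model later, never leaves the API.
        fields = ['id', 'name', 'user_type']

    # source points at the model's get_user_type_display() method, so the
    # output is the label rather than the stored number. The method cannot be
    # assigned to, hence read_only.
    user_type = serializers.CharField(source='get_user_type_display', read_only=True)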