drf源码剖析----权限

class APIView(View):
    """Excerpt of DRF's APIView showing only the permission-related request flow.

    The order visible in dispatch() -> initial() is: authentication, then
    permission checks, then throttling, and only afterwards the HTTP method
    handler. Any exception raised along the way is routed to handle_exception().
    """

    # Permission classes applied to every request; defaults to the project-wide
    # setting and can be overridden per view.
    permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES

    def permission_denied(self, request, message=None, code=None):
        """Reject the request by raising; this method never returns normally.

        Raises NotAuthenticated when authenticators are configured but none of
        them succeeded, otherwise PermissionDenied carrying ``message``/``code``.
        """
        if request.authenticators and not request.successful_authenticator:
            raise exceptions.NotAuthenticated()
        raise exceptions.PermissionDenied(detail=message, code=code)

    def get_permissions(self):
        """Return a fresh instance of every class listed in ``permission_classes``."""
        return [permission() for permission in self.permission_classes]

    def check_permissions(self, request):
        """Require every permission class to approve the request (AND semantics).

        permission_denied() raises, so the loop stops at the first class whose
        has_permission() returns a falsy value. An empty permission list means
        the loop body never runs and the request is allowed.
        """
        # Iterate over each permission object and check it; a single failure
        # rejects the request.
        for permission in self.get_permissions():
            if not permission.has_permission(request, self):
                # Optional ``message``/``code`` attributes on the permission
                # class become the detail and code of the raised exception.
                self.permission_denied(
                    request,
                    message=getattr(permission, 'message', None),
                    code=getattr(permission, 'code', None)
                )

    def initial(self, request, *args, **kwargs):
        """Run the pre-handler checks: authentication, permissions, throttling."""
        # Authentication component (author's note; perform_authentication is
        # not shown here): loops over the authenticate() methods, raises on
        # failure, and populates request.user / request.auth.
        self.perform_authentication(request)  # must run before the permission check
        # Permission component check.
        self.check_permissions(request)
        self.check_throttles(request)

    def dispatch(self, request, *args, **kwargs):
        """Entry point for a request: run the checks, call the handler, finalize.

        Returns the response produced by finalize_response(), which is also
        stored on ``self.response``.
        """
        self.args = args
        self.kwargs = kwargs
        # Replace the incoming request with the object built by initialize_request().
        request = self.initialize_request(request, *args, **kwargs)
        self.request = request
        self.headers = self.default_response_headers  # deprecate?

        try:
            # initial() runs before the handler is even looked up, so a request
            # that fails authentication, permission or throttle checks never
            # reaches handler code.
            self.initial(request, *args, **kwargs)
            if request.method.lower() in self.http_method_names:
                # Fall back to http_method_not_allowed when the view does not
                # define a method for this HTTP verb.
                handler = getattr(self, request.method.lower(),
                                  self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed

            response = handler(request, *args, **kwargs)

        except Exception as exc:
            # Exceptions from the checks and from the handler are both turned
            # into a response here.
            response = self.handle_exception(exc)

        self.response = self.finalize_response(request, response, *args, **kwargs)
        return self.response
class MyPermission1(BasePermission):
    """Demo permission class that approves every request.

    Because has_permission() is unconditionally True, this class performs no
    access control; it exists only to trace the order in which permission
    classes are consulted.
    """

    # Read via getattr(permission, 'message', None) by check_permissions when
    # this class rejects a request (it never does).
    message = dict(status=False, error='NoMyPermission1')

    def has_permission(self, request, view):
        """Print a trace marker and allow the request."""
        print('MyPermission1')
        return True


class MyPermission2(BasePermission):
    """Demo permission class that rejects every request.

    has_permission() is unconditionally False, so under the stock AND
    semantics any view listing this class denies all requests.
    """

    # Read via getattr(permission, 'message', None) by check_permissions and
    # passed on as the denial detail.
    message = dict(status=False, error='NoMyPermission2')

    def has_permission(self, request, view):
        """Print a trace marker and deny the request."""
        print('MyPermission2')
        return False

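class UserView(APIView):
    """Demo view that replaces DRF's AND permission check with OR semantics.

    With the override below, the request is allowed as soon as one permission
    class approves it. Classes after the first approving one are never
    consulted, so a single permissive class in ``permission_classes`` opens
    the view regardless of the others.
    """

    # Under this override an empty list denies every request (see
    # check_permissions); a view meant to be public should list AllowAny.
    # permission_classes = []

    def get(self, request):
        """Return the current user's username in a JSON response."""
        # NOTE(review): debug output only. request.auth typically holds the
        # token or credential object returned by the authenticator, so this
        # line writes it to stdout; remove it outside a demo.
        print(request.user, request.auth)
        return Response({'status': True, 'user': request.user.username})

    # Extension: override the stock permission check.
    def check_permissions(self, request):
        """Allow the request if at least one permission class approves it.

        Returns None as soon as a class's has_permission() is truthy. When no
        class approves, calls permission_denied() (which raises) with the
        ``message``/``code`` of the first class that rejected the request.

        When no permission classes are configured, nothing can approve the
        request, so it is denied with no message or code. The previous version
        indexed an empty list here and raised IndexError instead of a proper
        denial. Note this differs from the stock check, which allows the
        request when the list is empty.
        """
        first_rejected = None
        for permission in self.get_permissions():
            if permission.has_permission(request, self):
                return
            if first_rejected is None:
                # Only the first rejection is reported to the client.
                first_rejected = permission
        # first_rejected is None only when the permission list was empty;
        # getattr on None then yields the None defaults, i.e. fail closed.
        self.permission_denied(
            request,
            message=getattr(first_rejected, 'message', None),
            code=getattr(first_rejected, 'code', None),
        )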

posted @   周亚彪  阅读(5)  评论(0编辑  收藏  举报