权限

源码与认证组件很类似，这里只给出关键点

def check_permissions(self, request):
    for permission in self.get_permissions():
        if not permission.has_permission(request, self):
            self.permission_denied(
                request, message=getattr(permission, 'message', None)
                )



def get_permissions(self):
     return [permission() for permission in self.permission_classes]

 

 

 

class UserInfo(models.Model):
    name = models.CharField(max_length=32)
    # 写choice
    user_choice=((0,'普通用户'),(1,'会员'),(2,'超级用户'))
    # 指定choice,可以快速的通过数字,取出文字
    user_type=models.IntegerField(choices=user_choice,default=0)
    pwd = models.CharField(max_length=32)

# 用户token
class UserToken(models.Model):
    token = models.CharField(max_length=64)
    user = models.OneToOneField(to=UserInfo)
class Book(models.Model):
    nid = models.AutoField(primary_key=True)
    name = models.CharField(max_length=32)
    price = models.DecimalField(max_digits=5, decimal_places=2)
    publish_date = models.DateField()

    publish = models.ForeignKey(to='Publish', to_field='nid', on_delete=models.CASCADE)
    authors = models.ManyToManyField(to='Author')

    def __str__(self):
        return self.name


class Author(models.Model):
    nid = models.AutoField(primary_key=True)
    name = models.CharField(max_length=32)
    age = models.IntegerField()
    author_detail = models.OneToOneField(to='AuthorDatail', to_field='nid', unique=True, on_delete=models.CASCADE)


class AuthorDatail(models.Model):
    nid = models.AutoField(primary_key=True)
    telephone = models.BigIntegerField()
    birthday = models.DateField()
    addr = models.CharField(max_length=64)


class Publish(models.Model):
    nid = models.AutoField(primary_key=True)
    name = models.CharField(max_length=32)
    city = models.CharField(max_length=32)
    email = models.EmailField()

    def __str__(self):
        return self.name

    def test(self):
        return self.email

 

使用方式同认证相似

#创建py文件，在文件中创建类
from rest_framework.permissions import BasePermission
class UserPermission(BasePermission):
    message = '不是超级用户，查看不了'      #权限认证失败的返回值可以在这改
    def has_permission(self, request, view):    #必须有这个方法
        user_type = request.user.user_type
        if user_type == 1:
            return True
        else:
            return False

局部使用

#在类中
permission_classes = [UserPermission,]

全局使用

#与auth在同一个地方，如下
REST_FRAMEWORK={
    "DEFAULT_AUTHENTICATION_CLASSES":["app01.service.auth.Authentication",],
    "DEFAULT_PERMISSION_CLASSES":["app01.service.permissions.SVIPPermission",]      #文件路径
}


#局部禁用
#在类中
permission_classes = []

 

class UserInfo(models.Model):
    name = models.CharField(max_length=32)
    user_choice=((0,'普通用户'),(1,'会员'),(2,'超级用户'))
    user_type=models.IntegerField(choices=user_choice,default=0)

#如何通过user_type字段拿到，，普通用户，，普通用户
#正常情况下拿到的是0，1，2

------------------------------------------------------

#在序列化类中
class UserSer(serializers.ModelSerializer):
    class Meta:
        model = models.UserInfo
        fields='__all__'

    user_type=serializers.CharField(source='get_user_type_display')
        #添加这么一句，'get_user_type_display'是get_字段名_display