rest-framework认证、权限组件

认证组件:

  models

class User(models.Model):
    """Account record: login name, password and membership tier."""

    username = models.CharField(max_length=32)
    # NOTE(review): the login view on this page matches this column against
    # the submitted value directly, which implies plain-text storage. Hashed
    # storage (django.contrib.auth.hashers.make_password / check_password)
    # needs a wider column than 32 characters and a coordinated data change.
    password = models.CharField(max_length=32)
    # (stored value, display label) pairs for the membership tier.
    user_type_entry = ((1, "Delux"), (2, "SVIP"), (3, "VVIP"))
    user_type = models.IntegerField(choices=user_type_entry)

    def __str__(self):
        """Show the account by its login name."""
        return self.username
class UserToken(models.Model):
    """Access token bound one-to-one to a ``User``; deleted with its user."""

    user = models.OneToOneField("User", on_delete=models.CASCADE)
    # NOTE(review): the token is stored as issued and the model has no
    # creation or expiry field, so lifetime is not enforced at this layer.
    token = models.CharField(max_length=128)

  写一个认证类

from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import APIException, AuthenticationFailed

from app01.models import UserToken


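class UserAuth(BaseAuthentication):
    """Token authentication: resolves the ``token`` query parameter to a user."""

    # All authentication logic lives in authenticate().
    def authenticate(self, request):
        """Return ``(user, token)`` for a known token, otherwise reject.

        Raises:
            AuthenticationFailed: the token is missing, empty, or matches no
                ``UserToken`` row.
        """
        # NOTE(review): the token travels in the URL query string, where it
        # can end up in access logs, browser history and Referer headers.
        # Accepting it from a request header instead is a client-visible
        # change and is left for a coordinated follow-up.
        supplied = request.GET.get("token")

        # Reject a missing or empty token before touching the database, so an
        # empty value can never match a row.
        record = None
        if supplied:
            record = UserToken.objects.filter(token=supplied).first()

        if record is None:
            # A bare APIException defaults to HTTP 500. AuthenticationFailed
            # is a subclass of it, so existing handlers still catch it, and
            # DRF answers with 401/403 instead of a server error.
            raise AuthenticationFailed("没有认证!")

        return record.user, record.token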

  views中

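class UserView(APIView):
    """Login endpoint: checks a username/password pair and issues a token."""

    def post(self, request):
        """Verify the posted credentials and return an access token.

        The response body always carries ``status_code`` and
        ``status_message``; on success it also carries ``access_token`` and
        ``user_role``.
        """
        # Message returned to the client.
        response = dict()
        # Credentials that must be present in the request body.
        fields = {"username", "password"}

        # Only query when both credentials were supplied. With an incomplete
        # body the lookup would carry no conditions at all, and filter()
        # without conditions matches every row, so .first() would return an
        # account the caller never proved ownership of.
        user_obj = None
        if fields.issubset(request.data.keys()):
            user_info = {key: request.data[key] for key in fields}
            # NOTE(review): the password is matched against the stored column
            # as-is, which implies plain-text storage. Switching to
            # django.contrib.auth.hashers.check_password needs the stored
            # values migrated first.
            user_obj = User.objects.filter(**user_info).first()

        if user_obj:
            # NOTE(review): get_random_str is defined outside this listing;
            # confirm it draws from a CSPRNG (for example the ``secrets``
            # module), because the value is a bearer credential.
            access_token = get_random_str()
            # One token per user: a new login replaces the previous token.
            UserToken.objects.update_or_create(
                user=user_obj, defaults={"token": access_token}
            )

            response["status_code"] = 200
            response["status_message"] = "登录成功"
            response["access_token"] = access_token
            response["user_role"] = user_obj.get_user_type_display()
        else:
            # The failure is reported in the body only; the HTTP status stays
            # 200 as before so existing clients keep working.
            response["status_code"] = 201
            response["status_message"] = "登录失败,用户名或密码错误"

        return Response(response)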

  权限类

1 from rest_framework.permissions import BasePermission
2 
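class UserPerm(BasePermission):
    """Grant access only to users whose ``user_type`` is 3.

    In ``User.user_type_entry`` the value 3 is labelled "VVIP".
    """

    message = "您没有查看数据的权限!"

    def has_permission(self, request, view):
        """Return True only when ``request.user`` has ``user_type == 3``."""
        # request.user is not guaranteed to carry user_type (for example when
        # a view uses this permission without UserAuth). getattr turns that
        # case into a denial instead of an AttributeError and a 500 response.
        return getattr(request.user, "user_type", None) == 3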

  在需要认证和权限的视图类中加入

class BookView(ModelViewSet):
    """Book endpoints guarded by token authentication and a tier check."""

    # Data source and serialisation.
    queryset = Book.objects.all()
    serializer_class = BookSerializer

    # Access control is set per view here, so every action of this viewset
    # runs UserAuth first and then UserPerm.
    authentication_classes = [UserAuth]
    permission_classes = [UserPerm]

转载自www.cnblogs.com/qq849784670/p/10099280.html