--------authentication_classes:
代码如下:
class APIView(View):
    # Policy attributes. Each one takes its default from ``api_settings`` and
    # may be overridden either globally (project settings) or per view.
    # A view that does not define one of these names inherits the default
    # below, so a misspelled attribute on a subclass silently leaves the
    # project-wide policy in force.

    # Response rendering and request body parsing.
    renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES
    parser_classes = api_settings.DEFAULT_PARSER_CLASSES

    # Access control: who the caller is, how often they may call, and
    # whether they are allowed to.
    authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES
    throttle_classes = api_settings.DEFAULT_THROTTLE_CLASSES
    permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES

    # Content negotiation, metadata and API versioning.
    content_negotiation_class = api_settings.DEFAULT_CONTENT_NEGOTIATION_CLASS
    metadata_class = api_settings.DEFAULT_METADATA_CLASS
    versioning_class = api_settings.DEFAULT_VERSIONING_CLASS
作用是:指定何种方式进行用户身份的认证
---------def perform_authentication(self, request) :
"""重写父类的验证方法"""
pass
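它是具体认证的逻辑代码,用request.user来取值,如果不为None,说明验证通过。注意:在 DRF 中,未通过认证的请求默认得到的 request.user 是 AnonymousUser 而不是 None,所以判断是否登录应检查 request.user.is_authenticated。另外 request.user 是惰性求值的:把 perform_authentication 重写为 pass 只是推迟认证,视图里第一次访问 request.user 时仍会执行认证,并可能抛出认证异常。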
class CartView(APIView):
    """Backend create/read/update/delete operations for the shopping cart."""

    def perform_authentication(self, request):
        """Override the parent's authentication hook so the JWT is not checked up front.

        This lets a request from a user who is not logged in still reach the
        handler methods below, by not evaluating ``request.user`` here.
        """
        # NOTE(review): this only defers authentication. In DRF ``request.user``
        # is evaluated lazily, so the first access inside a handler still runs
        # the configured authentication classes and can raise on a bad token.
        # Handlers should treat the caller as anonymous unless that access
        # succeeds -- confirm every handler on this view does so.
        # request.user
        pass

    def get(self, request):
        """Query the cart."""
        # Requirement: behave differently depending on whether the user is
        # logged in, so the login state is determined first.
        try:
        # (the listing on the page ends here; the rest of the method is not shown)
------------permission_classes
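class AddressViewSet(mixins.CreateModelMixin, mixins.UpdateModelMixin, GenericViewSet):
    """Create and update the addresses of the requesting user."""

    serializer_class = serializers.UserAddressSerializer
    # DRF reads the attribute named ``permission_classes``. The previous name,
    # ``permissions``, is not consulted by the framework, so the view was
    # falling back to the project's default permission policy instead of
    # requiring a logged-in user.
    permission_classes = [IsAuthenticated]

    def get_queryset(self):
        """Return the requesting user's addresses that are not soft-deleted.

        Scoping the queryset to ``request.user`` keeps one user from reading
        or updating another user's addresses through this view.
        """
        return self.request.user.addresses.filter(is_deleted=False)

    def list(self, request, *args, **kwargs):
        """List the requesting user's addresses."""
        # The listing on the page ends here; the method body is not shown.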
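# Belongs in the view class body. DRF only honours the attribute named
# ``permission_classes``; a list assigned to ``permissions`` is ignored.
# Every class in the list must grant access for the request to proceed.
permission_classes = [IsAuthenticated, IsAdminUser]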
表示权限检查到什么程度, 前提是必须登录了,才可以使用该方法
比如:
IsAuthenticated:已登录(通过认证)的用户
IsAdminUser:特权用户(is_staff 为 True 的用户)