drf权限组件

(1)model层

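class UserInfo(models.Model):
    """Account record: login name, role and credential."""

    name = models.CharField(max_length=32)
    # Role choices as (stored integer, display label) pairs.
    user_choice = ((0, '普通用户'), (1, '会员'), (2, '超级用户'))
    # With choices set, Django generates get_user_type_display(), which maps
    # the stored integer back to its label. New rows default to role 0.
    user_type = models.IntegerField(choices=user_choice, default=0)
    # Store only a password hash here (for example the output of
    # django.contrib.auth.hashers.make_password), never the plaintext.
    # The previous 32-character limit only fits plaintext or a bare MD5 hex
    # digest; 128 is the width Django's own user model uses for hashed
    # passwords. Widening the column requires a migration.
    pwd = models.CharField(max_length=128)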


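# Per-user API token
class UserToken(models.Model):
    """One token row per user, linked one-to-one to UserInfo."""

    # NOTE(review): the token is stored as-is, so anyone who can read this
    # table obtains usable tokens; consider storing a hash of the token and
    # adding an expiry column.
    token = models.CharField(max_length=64)
    # on_delete is mandatory from Django 2.0 on; CASCADE matches the other
    # relations in this file and removes the token together with its user.
    user = models.OneToOneField(to=UserInfo, on_delete=models.CASCADE)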


class Book(models.Model):
    """A book with a price, a publication date, one publisher and many authors."""

    # Explicit auto-increment primary key (replaces Django's implicit ``id``).
    nid = models.AutoField(primary_key=True)
    name = models.CharField(max_length=32)
    # Five digits in total, two of them after the decimal point (max 999.99).
    price = models.DecimalField(max_digits=5, decimal_places=2)
    publish_date = models.DateField()

    # Many books to one publisher; deleting the publisher deletes its books.
    publish = models.ForeignKey(to='Publish', to_field='nid', on_delete=models.CASCADE)
    # Many-to-many link to Author, referenced by name because Author is
    # declared further down in the file.
    authors = models.ManyToManyField(to='Author')

    def __str__(self):
        """Return the book's name as its display text."""
        return self.name


class Author(models.Model):
    """An author, linked one-to-one to a detail row holding contact data."""

    nid = models.AutoField(primary_key=True)
    name = models.CharField(max_length=32)
    age = models.IntegerField()
    # One detail row per author; deleting the detail row deletes the author.
    # unique=True is redundant here: a OneToOneField is always unique.
    author_detail = models.OneToOneField(to='AuthorDatail', to_field='nid', unique=True, on_delete=models.CASCADE)


class AuthorDatail(models.Model):
    """Personal details of an author: telephone, birthday and address.

    The class name is spelled "Datail" in the source; Author refers to it by
    that exact string, so the spelling has to stay consistent.
    """

    nid = models.AutoField(primary_key=True)
    # NOTE(review): an integer column cannot keep leading zeros or a "+"
    # prefix - confirm the phone numbers stored here never need them.
    telephone = models.BigIntegerField()
    birthday = models.DateField()
    addr = models.CharField(max_length=64)


class Publish(models.Model):
    """A publisher with a name, a city and a contact e-mail address."""

    nid = models.AutoField(primary_key=True)
    name = models.CharField(max_length=32)
    city = models.CharField(max_length=32)
    email = models.EmailField()

    def __str__(self):
        """Return the publisher's name as its display text."""
        return self.name

    def test(self):
        """Return the publisher's e-mail address."""
        return self.email

(2)新建权限类

from rest_framework.permissions import BasePermission


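class UserPermission(BasePermission):
    """Allow a request only when its user is a super user (user_type == 2)."""

    # Text reported to the client when permission is denied.
    message = '您没有权限查看'

    def has_permission(self, request, view):
        """Decide whether the request may reach the view.

        Args:
            request: The DRF request; ``request.user`` is whatever the
                authentication step attached to it.
            view: The view being accessed (unused).

        Returns:
            bool: True when the user's user_type is 2, False otherwise.
        """
        # An unauthenticated request carries an anonymous user (or None) that
        # has no user_type attribute. Reading it through getattr denies access
        # instead of raising AttributeError and answering with a 500.
        user_type = getattr(request.user, 'user_type', None)
        # request.user.get_user_type_display() would return the label for this
        # value (Django generates get_<field>_display() for fields with
        # choices). The decision needs only the integer, and the role is no
        # longer printed to stdout on every request.
        return user_type == 2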

(3)view层

# 需求,只能超级用户来查看作者详情,其他人不能看
from app01.MyAuth import UserPermission


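class Authors(APIView):
    """List all authors; readable by super users only."""

    # Per-view permission check. It enforces the stated requirement that only
    # super users may read author details.
    # NOTE(review): UserPermission reads request.user, and no
    # authentication_classes are shown for this view - confirm an
    # authentication class is configured so request.user is populated.
    permission_classes = [UserPermission]
    # Per-view opt-out, shown for reference only:
    # permission_classes = []
    # An empty list switches off every permission check for this view,
    # including DEFAULT_PERMISSION_CLASSES from settings, so the endpoint
    # becomes readable by anyone.

    def get(self, request, *args, **kwargs):
        """Return every Author row, serialized, inside a JSON envelope."""
        response = {'status': 100, 'msg': '查询成功'}
        ret = models.Author.objects.all()
        ser = MySerializer.AuthorSerializer(ret, many=True)
        response['data'] = ser.data
        # safe=False is kept from the original; the payload is a dict either way.
        return JsonResponse(response, safe=False)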


-全局使用
    -在settings.py中配置(注意:视图里写 permission_classes = [] 会覆盖这里的全局默认值,该视图将不做任何权限检查)
        # Project-wide default: every DRF view runs UserPermission unless the
        # view declares its own permission_classes.
        REST_FRAMEWORK = {
            'DEFAULT_PERMISSION_CLASSES': [
                'app01.MyAuth.UserPermission',
            ],
        }

choice显示中文:

from rest_framework import serializers
from app01 import models


class BookSerializer(serializers.ModelSerializer):
    """Serialize Book rows; the fields are derived from the model."""

    class Meta:
        model = models.Book
        # '__all__' exposes every model field, including any added later.
        fields = '__all__'


class AuthorSerializer(serializers.ModelSerializer):
    """Serialize Author rows; the fields are derived from the model."""

    class Meta:
        model = models.Author
        # '__all__' exposes every model field, including any added later.
        fields = '__all__'


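class UserSer(serializers.ModelSerializer):
    """Serialize UserInfo with the role shown as its label and pwd kept out of output."""

    # get_user_type_display() is the method Django generates for a field with
    # choices; it returns the label instead of the stored integer.
    # read_only: a method source cannot be written back to the model, and
    # clients must not be able to choose their own role through this serializer.
    user_type = serializers.CharField(source='get_user_type_display', read_only=True)

    class Meta:
        model = models.UserInfo
        fields = '__all__'
        # '__all__' includes pwd. write_only keeps the credential out of every
        # response while still accepting it on input.
        extra_kwargs = {'pwd': {'write_only': True}}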


转载自www.cnblogs.com/liweiwei0307/p/10116314.html