Day 25: DRF authentication

1. Introduction to the DRF authentication feature

Some URLs should be reachable only by authenticated users. Course information, for example, can be viewed after logging in and cannot be viewed without logging in. The authentication component handles this.

2. Source code analysis

3. Custom authentication class (key point)

1. Usage

Define a class that inherits from BaseAuthentication

from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from app01 import models

class LoginAuth(BaseAuthentication):
    def authenticate(self, request):
        username = request.data.get('username')
        # Assumption: the client sends the token it was issued at login as 'token',
        # next to 'username'. Matching on it means knowing a username is not enough.
        presented = request.data.get('token')
        user = models.User.objects.filter(username=username).first()
        token = models.UserToken.objects.filter(user__username=username, token=presented).first()
        if presented and token:
            # Always return a user object: DRF stores it on its own request object,
            # and every later use of request.user gets the value returned here.
            return (user, token.token)
        else:
            raise AuthenticationFailed('您还没有登录!')  # "You are not logged in yet!"

Override the authenticate method

- Local use and global use
- Local: configure it in the view class (a view with this setting can be accessed only after logging in; a view without it can be accessed without logging in)

authentication_classes = [MyAuthen.LoginAuth, ]

- Global: configure it in the settings file

REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": ["app01.MyAuthen.LoginAuth", ]
}


- Note:
1. After authentication succeeds, the authentication class can return a tuple of two values: the first is assigned to request.user and the second to request.auth.
2. Multiple authentication classes can be configured. They run in order from first to last, and once one of them returns a value, the classes after it are not run.
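
The two notes above, as an added example that is not from the original post: a framework-free model of the order in which DRF runs authentication classes, where returning None passes the request to the next class, a tuple stops the chain, and raising AuthenticationFailed rejects the request. The dict-based request, the sample tokens, the `token` body field and the `X-Token` header are assumptions made for illustration.

```python
import hmac

class AuthenticationFailed(Exception):
    """Stand-in for rest_framework.exceptions.AuthenticationFailed."""

# Constructed sample data: username -> token issued at login.
TOKENS = {"alice": "3f9c1e0a7b", "bob": "a81d44c2e6"}

def same(a, b):
    """Constant-time comparison on bytes, so non-ASCII input cannot raise."""
    return hmac.compare_digest(a.encode(), b.encode())

class BodyTokenAuth:
    """Expects 'username' and 'token' in the request body (assumed field names)."""
    def authenticate(self, request):
        username, token = request.get("username"), request.get("token")
        if username is None and token is None:
            return None  # no credentials of this kind: let the next class try
        stored = TOKENS.get(username or "", "")
        # A known username alone is not enough; the presented token must match.
        if not stored or not same(stored, token or ""):
            raise AuthenticationFailed("invalid username or token")
        return (username, stored)  # becomes (request.user, request.auth)

class HeaderTokenAuth:
    """Expects the token in a hypothetical X-Token header."""
    def authenticate(self, request):
        presented = request.get("HTTP_X_TOKEN")
        if presented is None:
            return None
        for username, stored in TOKENS.items():
            if same(stored, presented):
                return (username, stored)
        raise AuthenticationFailed("invalid token")

def run_authenticators(request, authenticators):
    """First non-None result wins; an exception ends the chain immediately."""
    for authenticator in authenticators:
        result = authenticator.authenticate(request)  # may raise
        if result is not None:
            return result
    # Nobody claimed the request: it stays anonymous (DRF sets an anonymous user here).
    return (None, None)

CHAIN = [BodyTokenAuth(), HeaderTokenAuth()]
```

A request that carries a wrong body token is rejected by the first class even if it also carries a valid header token, because the exception ends the chain before the second class runs.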

4. Local and global use of the authentication feature

1 Global use (every endpoint requires login before it can be accessed)
    - In the settings file
    REST_FRAMEWORK = {
        "DEFAULT_AUTHENTICATION_CLASSES": ["app01.MyAuthen.LoginAuth", ]
    }
2 Local use
    - On the view class where it should apply
    authentication_classes = [MyAuthen.LoginAuth,]
3 Local disable
    - On the view class where it should be disabled
    authentication_classes = []

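5. Custom permission feature (key point)

1 After a successful login, a superuser can do certain things that an ordinary user cannot: a superuser can view certain endpoints and an ordinary user cannot.

2 Usage: write a class that inherits from BasePermission and override has_permission
    class SuperPermission(BasePermission):
        def has_permission(self, request, view):
            # Return `True` if permission is granted, `False` otherwise.
            # Only superusers may access; everyone else is refused.
            # request.user is the user returned by the authentication class. getattr
            # makes a user without user_type (an anonymous one) fail closed.
            return getattr(request.user, 'user_type', None) == '1'

3 Local use and global use
    - Local use: on the view class where it should apply
    permission_classes = [MyAuthen.SuperPermission]
    - Global use
    REST_FRAMEWORK = {
        "DEFAULT_PERMISSION_CLASSES": ["app01.MyAuthen.SuperPermission", ]
    }
    - Local disable: add this to the view class
    permission_classes = []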

6. Local and global use of the permission feature

1 Usage
    - Local use: on the view class where it should apply
    permission_classes = [MyAuthen.SuperPermission]
    - Global use
    REST_FRAMEWORK = {
        "DEFAULT_PERMISSION_CLASSES": ["app01.MyAuthen.SuperPermission", ]
    }
    - Local disable: add this to the view class
    permission_classes = []

7. Built-in permission and authentication classes

# Authentication: the exception raised when authentication fails
from rest_framework.exceptions import AuthenticationFailed
# Permissions: the base class for permission classes
from rest_framework.permissions import BasePermission

Origin blog.csdn.net/A1L__/article/details/109608982