Django REST Framework: the permissions component

How is access control implemented?

In general, authentication comes first and the permission check second: a user's permissions are determined only after the user has logged in, and a user who is not logged in is given a default set of permissions.

When Django receives a request, it checks permissions first. If the check passes, the request is released to the view for processing. If the check fails, the request never enters the view layer and the corresponding response is returned directly to the front end.

Using access control

Permission class:

from rest_framework.permissions import BasePermission

class MyPermission(BasePermission):
    message = "You do not have permission"

    def has_permission(self, request, view):
        # Decide whether the user has permission; the logic is your own.
        # Return True (has permission) or False (does not have permission).
        user_obj = request.user
        if user_obj.type == 3:
            return False
        else:
            return True

views.py:

from rest_framework.views import APIView
from utils.permission import MyPermission

class TestView(APIView):
    permission_classes = [MyPermission,]  # enable the permission check; several permission classes can be used at once

    def get(self, request, *args, **kwargs):
        pass

    def post(self, request, *args, **kwargs):
        pass

    '''
    ... and so on for the rest of the view methods
    '''

Global access control:

settings.py

REST_FRAMEWORK = {
    "DEFAULT_PERMISSION_CLASSES": ['utils.permission.MyPermission',]
}

Note: if some view classes do not need the MyPermission check, they can set "permission_classes = []".

Source code analysis

In fact, the permission source code follows essentially the same flow as the authentication source code. When reading source code, know what you are looking for and hold on to it, or you will get lost in the mass of code.

1. Why use the permission_classes attribute?

In a class-based view the first method executed is always dispatch, so dispatch is the entry point of our analysis. In dispatch you can see that Django's native request is wrapped by the initialize_request method. Following initialize_request shows that it instantiates a Request object that encapsulates the native request. Unlike authentication, the permission check is not set up when the Request object is initialized. The wrapping of Django's native request is still worth stressing, because using the native request while writing code is unavoidable.

As with authentication, the permission check starts from the initial method, which dispatch calls. Jump to the initial method.

In initial you can see the permission check: it is carried out by the check_permissions method. Jump to that method.

In check_permissions, the permission check is implemented by a for loop. Business code may need several kinds of permission checks, so the loop runs each of the permission classes we defined in turn, which is how multiple permission checks are supported. From this we can guess that the return value of "self.get_permissions()" is the value we assigned to the permission_classes attribute in the view class. Jump to that method and see.

In get_permissions, as with authentication, the return value is a list comprehension, and the attribute it iterates over is exactly our permission_classes, which matches the guess above. In summary, for the DRF source to use the permission class we define, we have to write our code to the interface the source expects, that is, assign the class to the permission_classes attribute.

2. Why must the permission class define a method named has_permission?

Back in check_permissions, look at the if statement. As just mentioned, the permission in the for loop is the permission class we defined ourselves, so the ".has_permission(request, self)" in the if statement must be the method on the MyPermission class. Therefore the MyPermission class we define has to implement has_permission. (Pay attention to this method's parameters: the view passes itself as the last argument.)

3. Why is the return value of has_permission a boolean?

The answer is the same as for the previous question. In the same if statement, the value of "permission.has_permission(request, self)" is a boolean, and that value is simply the return value of has_permission. When it is False, the code inside the if statement runs and raises an exception.
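
The flow traced above (dispatch, check_permissions, get_permissions, has_permission), as an added example that is not part of the original post and is not DRF's source: a simplified plain-Python model that runs without Django. MiniView, DemoView, ReadOnly, PermissionDenied and call are hypothetical names, and refusing a user object that has no type attribute is an assumption added here.

```python
from types import SimpleNamespace

class PermissionDenied(Exception):
    """Stand-in for the framework's permission error (name is an assumption)."""

class MyPermission:
    message = "You do not have permission"

    def has_permission(self, request, view):
        # The page's rule (type 3 is refused). Assumption added here: a user
        # object with no `type` attribute is refused instead of crashing.
        return getattr(request.user, "type", 3) != 3

class ReadOnly:  # hypothetical second permission class
    message = "Read-only endpoint"

    def has_permission(self, request, view):
        return request.method in ("GET", "HEAD", "OPTIONS")

class MiniView:  # simplified model of the view base class, not DRF source
    permission_classes = []  # empty list: no check, every request passes

    def get_permissions(self):
        # One fresh instance per class listed on the view.
        return [permission() for permission in self.permission_classes]

    def check_permissions(self, request):
        # All classes must return True; the first False stops the request.
        for permission in self.get_permissions():
            if not permission.has_permission(request, self):
                raise PermissionDenied(getattr(permission, "message", None))

    def dispatch(self, request):
        self.check_permissions(request)  # runs before any handler code
        return getattr(self, request.method.lower())(request)

class DemoView(MiniView):  # plays the role of the page's TestView
    permission_classes = [MyPermission, ReadOnly]
    def get(self, request):
        return "ok"
    def post(self, request):
        return "created"

def call(view_cls, method, user):
    request = SimpleNamespace(method=method, user=user)  # constructed request
    try:
        return view_cls().dispatch(request)
    except PermissionDenied as exc:
        return "denied: %s" % exc
```

The message reported on refusal comes from the first class in the list that returns False, so the order of permission_classes decides which reason the client sees.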

 


Origin www.cnblogs.com/V587Chinese/p/11607881.html