Purpose: give different users different access according to their permissions.
Just write a permission class and then reference it in the view; the routine is the same as the pattern above.
So:
Write the permission class:
has_permission() returns True when the permission check succeeds and False when it fails. It takes three parameters, the last of which is view; this is specified in the source code.
Pay attention to the message attribute inside the class.
# Permission class code; it does not inherit from a rest_framework class
class MyPermission(object):
    message = 'Here you can customize the message returned to the front end. It is a class attribute because the source code reads it with getattr(permission, "message", None); this message is one I defined myself'

    # Returns True (has permission) or False (no permission).
    # It takes three parameters; the last one is view, as specified in the source code.
    def has_permission(self, request, view):
        if request.user.user_type != 3:
            return False
        return True
Write the view:
from django.http import JsonResponse
from rest_framework.views import APIView

class OrderView(APIView):
    # List of permission classes for this view.
    permission_classes = [MyPermission,]

    # Requirement: only SVIP users have permission to view.
    def get(self, request, *args, **kwargs):
        # Marks whether the request succeeded, and carries the data
        ret = {'code': 1000, 'msg': None, 'data': None}
        # Only a logged-in user may see the data here; otherwise no data is shown.
        # The token from above is used: a token is generated only at login, so a token means the user has logged in, and no token means the user has not.
        # The authentication below is the more traditional way and does not use the rest_framework authentication classes; with many views, this check would have to be written inside every view.
        # Instead we can define a custom authentication class, override authenticate() with the login check, and reference it here, once and for all.
        # token = request._request.GET.get('token')
        # if not token:
        #     return HttpResponse('The user is not logged in and cannot view this')
        try:
            ret['data'] = ORDER_DICT
        except Exception as e:
            pass
        return JsonResponse(ret)
The global settings are as follows:
REST_FRAMEWORK = {
    # Note the format: DEFAULT_AUTHENTICATION_CLASSES is the key that rest_framework specifies; the list holds the paths of the authentication classes.
    'DEFAULT_AUTHENTICATION_CLASSES': ['api.utils.auth.FirstAuthenticate',],
    # The next two entries are the settings for anonymous users:
    'UNAUTHENTICATED_USER': None,   # anonymous: request.user = None
    'UNAUTHENTICATED_TOKEN': None,  # anonymous: request.auth = None
    # Global setting of the permission classes
    'DEFAULT_PERMISSION_CLASSES': ['api.utils.permission.MyPermission'],
}
The following is how the class is written when it inherits from BasePermission:
from rest_framework.permissions import BasePermission

# Permission class code, inheriting from rest_framework's BasePermission
class MyPermission(BasePermission):
    message = 'Here you can customize the message returned to the front end. It is a class attribute because the source code reads it with getattr(permission, "message", None); this message is one I defined myself'

    # Returns True (has permission) or False (no permission).
    # It takes three parameters; the last one is view, as specified in the source code.
    def has_permission(self, request, view):
        if request.user.user_type != 3:
            return False
        return True
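
With 'UNAUTHENTICATED_USER': None in the settings above, an anonymous request reaches has_permission() with request.user set to None. The following added example (not code from the original post or from rest_framework) models the permission loop in plain Python and compares the direct attribute access used above with a fail-closed variant; PermissionDenied, User, Request, check_permissions and outcome are stand-ins assumed for illustration.

```python
# Simplified stand-ins for illustration; these are not rest_framework's classes.
class PermissionDenied(Exception):
    def __init__(self, detail=None):
        super().__init__(detail)
        self.detail = detail or 'You do not have permission to perform this action.'

class User:                       # constructed sample user
    def __init__(self, user_type):
        self.user_type = user_type

class Request:                    # carries only the attribute the permission reads
    def __init__(self, user):
        self.user = user          # None models UNAUTHENTICATED_USER = None

class DirectPermission:
    """Same attribute access as the MyPermission check on this page."""
    message = 'SVIP only'
    def has_permission(self, request, view):
        return request.user.user_type == 3

class FailClosedPermission:
    """Variant that treats a missing user as 'no permission'."""
    message = 'SVIP only'
    def has_permission(self, request, view):
        return getattr(request.user, 'user_type', None) == 3

def check_permissions(permission_classes, request, view=None):
    """Model of the loop run before the handler: the first False denies."""
    for cls in permission_classes:
        permission = cls()
        if not permission.has_permission(request, view):
            # The custom text is picked up from the class attribute, if any.
            raise PermissionDenied(getattr(permission, 'message', None))

def outcome(permission_cls, user):
    """Return 'allowed', 'denied: <message>' or 'error: <exception name>'."""
    try:
        check_permissions([permission_cls], Request(user))
        return 'allowed'
    except PermissionDenied as exc:
        return 'denied: ' + exc.detail
    except AttributeError as exc:
        return 'error: ' + type(exc).__name__

if __name__ == '__main__':
    for cls in (DirectPermission, FailClosedPermission):
        for user in (User(3), User(1), None):   # SVIP, ordinary, anonymous
            print(cls.__name__, getattr(user, 'user_type', None), outcome(cls, user))
```

In a real deployment the uncaught AttributeError surfaces as a server error instead of a clean denial, so the fail-closed form matters whenever the authentication class can let an anonymous request through.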