drf之权限认证

drf总流程链接

https://www.cnblogs.com/daviddd/p/11918405.html

drf之权限认证

'''
承接总流程5.3的权限控制
权限认证：实例化每一个权限类得到一个对象列表，循环权限对象列表，执行每一个权限对象的
has_permession方法，返回true或者false，true表示通过权限认证，false表示没有通过，并抛出异常
'''

class APIView(View):

	# 配置文件
	permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES
	settings = api_settings
	
	
	
	def initial(self, request, *args, **kwargs):
		"""
		Runs anything that needs to occur prior to calling the method handler.
		"""
		
		# 5.3 权限认证
		self.check_permissions(request)
		
		
	# 执行check_permissionds 函数，循环每一个权限对象，进行权限认证处理
	def check_permissions(self, request):
		"""
		Check if the request should be permitted.
		Raises an appropriate exception if the request is not permitted.
		"""
		# 5.31
		for permission in self.get_permissions():
			if not permission.has_permission(request, self):
				self.permission_denied(
					request, message=getattr(permission, 'message', None)
				)
				
				
	# 5.32 实例化权限类，得到权限对象列表
	def get_permissions(self):
		"""
		Instantiates and returns the list of permissions that this view requires.
		"""
		return [permission() for permission in self.permission_classes]
		
	
	# 5.33判断是否权限通过
	def has_permission(self, request, view):
		"""
		Return `True` if permission is granted, `False` otherwise.
		"""
		# 通过，有权限
		return True
		
		#如果return False,执行5.34的permission_denied函数，见60行，抛出异常
		return False



	def has_object_permission(self, request, view, obj):
		"""
		Return `True` if permission is granted, `False` otherwise.
		"""
		return True
		
	# 5.34抛出异常
	def permission_denied(self, request, message=None):
		"""
		If request is not permitted, determine what kind of exception to raise.
		"""
		if request.authenticators and not request.successful_authenticator:
			raise exceptions.NotAuthenticated()
		raise exceptions.PermissionDenied(detail=message)

自定义权限认证

from rest_framework.permissions import BasePermission


class MyPermission(BasePermission):
    message = {"status": False, "error": "登录成功之后才能评论"}

    def has_permission(self, request, view):
        if request.method == "GET":
            return True
        if request.user:
            return True
        return False

    def has_object_permission(self, request, view, obj):
        return True

局部应用

#py文件模块式引入
class CommentVIew():

    permission_classes = [MyPermission]
    
    pass