认证
from rest_framework.authentication import BaseAuthentication
from rest_framework.exceptions import AuthenticationFailed
from api.models import *
class AuthToken(BaseAuthentication):
def authenticate(self, request):
token=request.GET.get('token')
token_obj=Token.objects.filter(token=token)
if token_obj:
return token_obj.user,token_obj
else:
raise AuthenticationFailed('验证失败')
全局使用settings配置
REST_FRAMEWORK={
"DEFAULT_AUTHENTICATION_CLASSES":["app01.service.auth.Authentication",]
}
局部使用,只需要在视图类里加入:
authentication_classes = [TokenAuth, ]
权限
class SVIPPermission(object):
message="只有超级用户才能访问"
def has_permission(self,request,view):
username=request.user
user_type=User.objects.filter(name=username).first().user_type
if user_type==3:
return True # 通过权限认证
else:
return False