restful 图书管理

左心房为你撑大大i 提交于 2019-12-12 02:32:47

模型

class BookUser(models.Model):
    """Account record for a user of the book API (table ``bookuser``)."""

    # Login name; the unique constraint prevents duplicate accounts.
    username = models.CharField(unique=True, null=False, max_length=32)
    # NOTE(security): UserView on this page saves and compares this value
    # exactly as the client sent it, so the column holds plaintext passwords.
    # 256 characters leaves room for a salted hash such as the ones produced
    # by django.contrib.auth.hashers.make_password.
    pwd = models.CharField(null=False, max_length=256)

    class Meta:
        db_table = 'bookuser'

class Book(models.Model):
    """A book record owned by exactly one ``BookUser``."""

    b_name = models.CharField(null=False, max_length=32)
    b_price = models.FloatField(default=10)
    # Foreign key to the owner; deleting the owner deletes their books.
    # NOTE(review): default=1 attributes any book saved without an explicit
    # owner to the BookUser with primary key 1, so every write path should set
    # b_user itself rather than rely on the default.
    b_user = models.ForeignKey(BookUser, default=1, on_delete=models.CASCADE)
# Model backing user authentication: stores the token issued at login.
class UserToken(models.Model):
    """Bearer token handed out at login, mapped to the owning user's id."""

    # Opaque token string; unique so a lookup resolves to a single row.
    token = models.CharField(unique=True, null=False, max_length=64)
    # Plain integer rather than a ForeignKey, so the database does not remove
    # tokens when the referenced BookUser is deleted.
    # NOTE(security): the model has no creation/expiry timestamp, so a token
    # stays valid until its row is deleted.
    user_id = models.IntegerField(default=0)

视图 更新ing

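class UserView(generics.GenericAPIView):
    """Register and log in ``BookUser`` accounts through one POST endpoint.

    The ``action`` query parameter selects the behaviour: ``register`` creates
    an account, ``login`` issues a ``UserToken``; any other value is rejected.

    Every response is built with ``Response(data)`` and no explicit status, so
    the HTTP status line keeps DRF's default and the outcome code is carried
    in the ``status`` key of the body.

    NOTE(security): passwords are stored and compared as received from the
    client (plaintext). Hashing on registration with
    ``django.contrib.auth.hashers.make_password`` and verifying on login with
    ``check_password`` is the standard remedy; it needs a migration of the
    existing rows, so it is flagged here rather than changed silently.
    """
    queryset = BookUser.objects.all()
    serializer_class = BookUserSerializer

    def post(self, request, *args, **kwargs):
        """Dispatch to the handler named by the ``action`` query parameter."""
        action = request.query_params.get('action')
        if action == 'register':
            return self.do_register(request, *args, **kwargs)
        if action == 'login':
            return self.do_login(request, *args, **kwargs)
        return self.handle_unknown_action(request, *args, **kwargs)

    def do_register(self, request, *args, **kwargs):
        """Validate the payload and create a new ``BookUser``."""
        serializer = self.get_serializer(data=request.data)
        if not serializer.is_valid():
            data = {
                # Spelling kept as published; clients may match on this value.
                'msg': 'erroe',
                'status': status.HTTP_400_BAD_REQUEST,
                'data': serializer.errors,
            }
            return Response(data)

        pwd = request.data.get('pwd')
        if not pwd:
            # A missing or empty password would otherwise reach save() and
            # either fail on the NOT NULL column or create an account that
            # anyone can log in to with an empty password.
            data = {
                'msg': 'erroe',
                'status': status.HTTP_400_BAD_REQUEST,
                'data': {'pwd': ['This field is required.']},
            }
            return Response(data)

        # NOTE(security): the password is persisted exactly as received.
        serializer.save(pwd=pwd)
        data = {
            'msg': 'OK',
            'status': status.HTTP_201_CREATED,
            'data': serializer.data,
        }
        return Response(data)

    def do_login(self, request, *args, **kwargs):
        """Check the credentials and, only if they match, issue a new token."""
        username = request.data.get('username')
        pwd = request.data.get('pwd')

        # NOTE(security): the two failure messages below differ, which lets a
        # caller tell whether a username exists. They are kept for client
        # compatibility; a single generic message would avoid the disclosure.
        user = self.get_queryset().filter(username=username).last()
        if user is None:
            data = {
                'msg': '用户不存在',
                'status': status.HTTP_401_UNAUTHORIZED,
            }
            return Response(data)

        if user.pwd != pwd:
            data = {
                'msg': '密码错误',
                'status': status.HTTP_401_UNAUTHORIZED,
            }
            # The original built this payload but never returned it, so
            # execution fell through and a token was issued for a wrong
            # password. Returning here closes that authentication bypass.
            return Response(data)

        # Generate the token and persist it so later requests can be matched
        # to this user. Each login adds a row; nothing here expires old ones.
        token = uuid.uuid4().hex
        UserToken.objects.create(token=token, user_id=user.id)
        data = {
            'msg': '登录成功',
            'status': status.HTTP_200_OK,
            'data': {
                'token': token,
            },
        }
        return Response(data)

    def handle_unknown_action(self, request, *args, **kwargs):
        """Reject a POST whose ``action`` is neither register nor login."""
        data = {
            'msg': 'unknown action',
            'status': status.HTTP_400_BAD_REQUEST,
        }
        return Response(data)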

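class BooksView(ModelViewSet):
    """CRUD endpoints for books, limited to the books owned by the caller.

    Ownership is enforced once, in ``get_queryset``: every action that goes
    through ``get_object`` (retrieve, update, partial_update, destroy) only
    ever sees the caller's own rows, and a request for someone else's book is
    answered with 404. The original checked ownership by hand in ``retrieve``
    and ``destroy`` only, which left the inherited ``update`` and
    ``partial_update`` actions able to modify any user's book, and signalled a
    mismatch with a bare ``Exception`` (an unhandled server error). The
    inherited ``retrieve`` and ``destroy`` are now sufficient, so the
    overrides are gone.
    """
    queryset = Book.objects.all()
    serializer_class = BookSerializer
    # Authentication: resolves request.user from the supplied token.
    authentication_classes = [BookUserTokenAuthentication]
    # Permission: only requests whose user is a BookUser are let through.
    permission_classes = [BookUserPermission]

    def get_queryset(self):
        """Return only the books that belong to the authenticated user."""
        return Book.objects.filter(b_user_id=self.request.user.id)

    def perform_create(self, serializer):
        """Create the book with the caller as owner."""
        serializer.save(b_user=self.request.user)

    def perform_update(self, serializer):
        """Save the update while pinning ownership to the caller.

        NOTE(review): BookSerializer is not shown on this page; if it exposes
        ``b_user`` as writable, this keeps a client from reassigning a book.
        """
        serializer.save(b_user=self.request.user)

    def list(self, request, *args, **kwargs):
        """List the caller's books, paginated when a paginator is configured."""
        # As in the original, filter backends are not applied to the listing.
        queryset = self.get_queryset()

        page = self.paginate_queryset(queryset)
        if page is not None:
            serializer = self.get_serializer(page, many=True)
            return self.get_paginated_response(serializer.data)

        serializer = self.get_serializer(queryset, many=True)
        return Response(serializer.data)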

URL

# Account endpoint: UserView.post picks register/login from the ?action= query parameter.
path('users/',views.UserView.as_view()),
    # Collection route: GET lists books, POST creates one.
    path('books/',views.BooksView.as_view({'get':'list','post':'create'})),
    # Detail route: PUT/PATCH are routed to update/partial_update, which
    # BooksView inherits from ModelViewSet, so ownership scoping for writes
    # has to be enforced by the viewset itself.
    path('books/<int:pk>/',views.BooksView.as_view({'get':'retrieve','put':'update','patch':'partial_update','delete':'destroy'})),

authentications
查看用户是否已经登录

from rest_framework.authentication import BaseAuthentication
from .models import *
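class BookUserTokenAuthentication(BaseAuthentication):
    """Authenticate a request from the ``token`` query parameter.

    Returns ``(BookUser, token)`` when the token maps to an existing user and
    ``None`` otherwise, as the original did on every failure path.

    The original wrapped the whole lookup in ``except Exception`` and printed
    the error, which also hid database failures behind a silent "not
    authenticated". The expected failures (no token, unknown token, token
    whose user no longer exists) are now handled explicitly and anything
    unexpected propagates.

    NOTE(security): the token travels in the URL query string, so it can end
    up in access logs, proxy logs and browser history. Carrying it in a
    request header is the safer transport; the query parameter is kept here
    because existing clients depend on it.
    """

    def authenticate(self, request):
        token = request.query_params.get('token')
        if not token:
            # No credentials supplied: treat the request as unauthenticated.
            return None

        user_token = UserToken.objects.filter(token=token).first()
        if user_token is None:
            return None

        # UserToken.user_id is a plain integer, so the referenced user may
        # have been deleted since the token was issued.
        book_user = BookUser.objects.filter(id=user_token.user_id).first()
        if book_user is None:
            return None

        return book_user, token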

permissions
权限认证

from rest_framework.permissions import BasePermission

from Two.models import BookUser


class BookUserPermission(BasePermission):
    """Allow a request only when its user is a ``BookUser`` instance."""

    def has_permission(self, request, view):
        # After successful authentication the user object is stored on the
        # request, so the check reduces to a type test on that object.
        current_user = request.user
        return isinstance(current_user, BookUser)