Django官方文档小结(四) -- 用户及权限
Django官方文档小结(四) -- 用户及权限
Autooooooo
发布于 2020-11-09 10:03:05
发布于 2020-11-09 10:03:05
Django 用户及权限
#1 环境
Python3.7.3
Django==2.0.7#2 用户
#2.1 User对象
这里推荐使用 AbstractUser, 而不是User
- 使用方法
from django.contrib.auth.models import AbstractUser
class UserProfile(AbstractUser):
# ...- 在settings.py中配置 AbstractUser
AUTH_USER_MODEL = 'app名.UserProfile'- 普通用户创建
创建用户最直接的方法是使用包含的 create_user()帮助函数:
>>> models.UserProfile.objects.create_user(username="cox",password="cox123456")
<UserProfile: cox>- 超级管理员用户创建
超级管理员email字段不能为空
>>> models.UserProfile.objects.create_superuser(username="admin",password="cox123456",email="job@minhung.me")
<UserProfile: admin>#2.2 用户密码管理
- 密码更改
>>> user_obj = models.UserProfile.objects.get(username='cox')
>>> user_obj.set_password('new password')
>>> user_obj.save()- 用户验证
from django.contrib.auth import authenticate
user = authenticate(username='cox', password='cox123456')
if user:
# 用户名密码匹配正确
else:
# 用户名密码不匹配 - 自定义用户验证
当用户需要邮箱登录时,验证的是邮箱和密码,所以需要自定义用户验证
from django.contrib.auth.backends import ModelBackend
from django.db.models import Q
from app import models
class CustomBackend(ModelBackend):
"""
自定义用户验证规则
"""
def authenticate(self, username=None, password=None, **kwargs):
try:
user = models.userprofile.objects.get(Q(username=username)|Q(email=username))
if user.check_password(password):
return user
except Exception as e:
print("用户登录验证异常except:", e)
return None在settings.py中配置
# 路径是CustomBackend的路径
AUTHENTICATION_BACKENDS = (
'django_restframework.authenticates.authenticate.CustomBackend',
)#3 权限
API | 描述 |
|---|---|
user_obj.user_permissions.set([permission_list]) | 用户对象设置权限 |
user_obj.user_permissions.add(permission, permission, …) | 用户对象添加权限 |
user_obj.user_permissions.remove(permission, permission, …) | 用户对象删除权限 |
user_obj.user_permissions.clear() | 用户对象清除所有权限 |
#3.1 权限表结构
from django.contrib.auth.models import Permissionclass Permission(models.Model):
name = models.CharField(max_length=255) # 权限名
content_type = models.ForeignKey(
ContentType,
models.CASCADE,
) # 内容类型
codename = models.CharField(max_length=100) #3.2 操作权限
- 新增权限
>>> c_type = ContentType.objects.get(app_label='app')
>>> Permission.objects.create(name='text per',codename='per1',content_type=c_type)
<Permission: app | user | text per>
- 用户添加权限
>>> per2 = Permission.objects.create(name='text per2',codename='per2',content_type=c_type)
>>> user_obj.user_permissions.add(per2)- 获取用户所有权限
>>> user_obj.user_permissions.all()
<QuerySet [<Permission: app | user | text per>, <Permission: app | user | text per2>]>- 用户删除权限
- 清空用户权限
>>> user_obj.user_permissions.all()
<QuerySet [<Permission: app | user | text per>, <Permission: app | user | text per2>]>
>>> user_obj.user_permissions.clear()
>>> user_obj.user_permissions.all()
<QuerySet []>- 查看所有权限
>>> Permission.objects.all()
<QuerySet [<Permission: admin | log entry | Can add log entry>, <Permission: admin | log entry | Can change log entry>, <Permission: admin | log entry | Can delete log entry>, <Permission: app | user | Can add user>, <Permission: app | user | Can change user>, <Permission: app | user | Can delete user>, <Permission: app | user | text per>, <Permission: app | user | text per2>, <Permission: auth | group | Can add group>, <Permission: auth | group | Can change group>, <Permission: auth | group | Can delete group>, <Permission: auth | permission | Can add permission>, <Permission: auth | permission | Can change permission>, <Permission: auth | permission | Can delete permission>, <Permission: contenttypes | content type | Can add content type>, <Permission: contenttypes | content type | Can change content type>, <Permission: contenttypes | content type | Can delete content type>, <Permission: sessions | session | Can add session>, <Permission: sessions | session | Can change session>, <Permission: sessions | session | Can delete session>]>#4 权限组
API | 描述 |
|---|---|
user_obj.groups.set([group_list]) | 用户设置权限组 |
user_obj.groups.add(group, group, …) | 用户对象添加权限组 |
user_obj.groups.remove(group, group, …) | 用户对象删权限组 |
user_obj.groups.clear() | 用户对象清除所有权限组 |
#4.1 权限组表结构
from django.contrib.auth.models import Groupclass Group(models.Model):
name = models.CharField(max_length=80, unique=True) # 权限组名
permissions = models.ManyToManyField(
Permission,
verbose_name=_('permissions'),
blank=True,
) # 权限组对应的权限#4.2 操作权限组
- 新增权限组
>>> from django.contrib.auth.models import Group
>>> g_player = Group.objects.create(name='player')
>>> g_player
<Group: player>
- 权限组添加权限
>>> g_player.permissions.add(per1)
>>> g_player.permissions.all()
<QuerySet [<Permission: app | user | text per>]>
>>> g_player.permissions.add(per2)
>>> g_player.permissions.all()
<QuerySet [<Permission: app | user | text per>, <Permission: app | user | text per2>]>- 权限组删除权限
- 权限组清空权限
>>> g_player.permissions.clear()
>>> g_player.permissions.all()
<QuerySet []>- 权限组添加用户
>>> user_obj.groups.add(g_player) # user_obj用户被添加到g_player权限组中
或 >>> g_player.user_set.add(user_obj) # 一样的效果
>>> user_obj.user_permissions.all()
<QuerySet []> # 为什么是空的???
# 因为之前已经把用户权限全部清空,用户被加到权限组后,
# 会拥有权限组的权限,但是并不是自己的权限,在数据库中没有记录,数据库只会记录用户在哪个权限组如何查看用户是否拥有权限??
>>> g_player.permissions.all() # 查看权限组g_player中的权限
<QuerySet [<Permission: app | user | text per>]> # 权限组g_player拥有per1权限
>>> user_obj.has_perm('app.per1') # 校验用户是否拥有per1权限 -- content_type.codename
True
>>> user_obj.has_perm('app.per2')
False- 用户退出用户组
>>> user_obj.groups.remove(g_player)
或 >>> g_player.user_set.remove(user_obj)
>>> user_obj.groups.all()
<QuerySet []>- 用户退出所有用户组
>>> user_obj.groups.clear()
>>> user_obj.groups.all()
<QuerySet []>- 用户组中所有用户退出组
g_player.user_set.clear()#5 自定义权限
未完待续 ! ! !
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2019-05-28 ,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读