Django官方文档小结(四) -- 用户及权限
Django 用户及权限1 环境Python3.7.3Django==2.0.72 用户2.1 User对象这里推...
扫描右侧二维码阅读全文
05
2021/11

Django官方文档小结(四) -- 用户及权限

  1.  Home
  2. Text  
    3. Share to:

Django 用户及权限

1 环境

Python3.7.3
Django==2.0.7

2 用户

2.1 User对象

这里推荐使用 AbstractUser, 而不是User

使用方法
from django.contrib.auth.models import AbstractUser

class UserProfile(AbstractUser):

# ...

在settings.py中配置 AbstractUser
AUTH_USER_MODEL = 'app名.UserProfile'
1
普通用户创建
创建用户最直接的方法是使用包含的 create_user()帮助函数:

models.UserProfile.objects.create_user(username="cox",password="cox123456")

<UserProfile: cox>

超级管理员用户创建
超级管理员email字段不能为空

models.UserProfile.objects.create_superuser(username="admin",password="cox123456",email="job@minhung.me")

<UserProfile: admin>

2.2 用户密码管理

密码更改

user_obj = models.UserProfile.objects.get(username='cox')
user_obj.set_password('new password')
user_obj.save()

用户验证
from django.contrib.auth import authenticate
user = authenticate(username='cox', password='cox123456')
if user:

# 用户名密码匹配正确

else:

# 用户名密码不匹配

自定义用户验证
当用户需要邮箱登录时,验证的是邮箱和密码,所以需要自定义用户验证

from django.contrib.auth.backends import ModelBackend
from django.db.models import Q
from app import models

class CustomBackend(ModelBackend):

"""
自定义用户验证规则
"""
def authenticate(self, username=None, password=None, **kwargs):
    try:
        user = models.userprofile.objects.get(Q(username=username)|Q(email=username))
        if user.check_password(password):
            return user
    except Exception as e:
        print("用户登录验证异常except:", e)
        return None

在settings.py中配置

路径是CustomBackend的路径

AUTHENTICATION_BACKENDS = (

'django_restframework.authenticates.authenticate.CustomBackend',

)

3 权限

API 描述
user_obj.user_permissions.set([permission_list]) 用户对象设置权限
user_obj.user_permissions.add(permission, permission, …) 用户对象添加权限
user_obj.user_permissions.remove(permission, permission, …) 用户对象删除权限
user_obj.user_permissions.clear() 用户对象清除所有权限

3.1 权限表结构

from django.contrib.auth.models import Permission

class Permission(models.Model):

name = models.CharField(max_length=255) # 权限名 
content_type = models.ForeignKey(
    ContentType,
    models.CASCADE,
) # 内容类型 
codename = models.CharField(max_length=100)

3.2 操作权限

新增权限

c_type = ContentType.objects.get(app_label='app')
Permission.objects.create(name='text per',codename='per1',content_type=c_type)

<Permission: app | user | text per>

20190528091138-image.png

用户添加权限

per2 = Permission.objects.create(name='text per2',codename='per2',content_type=c_type)
user_obj.user_permissions.add(per2)

1
2
获取用户所有权限

user_obj.user_permissions.all()

<QuerySet [<Permission: app | user | text per>, <Permission: app | user | text per2>]>

用户删除权限

清空用户权限

user_obj.user_permissions.all()

<QuerySet [<Permission: app | user | text per>, <Permission: app | user | text per2>]>

user_obj.user_permissions.clear()
user_obj.user_permissions.all()

<QuerySet []>

查看所有权限

Permission.objects.all()

<QuerySet [<Permission: admin | log entry | Can add log entry>, <Permission: admin | log entry | Can change log entry>, <Permission: admin | log entry | Can delete log entry>, <Permission: app | user | Can add user>, <Permission: app | user | Can change user>, <Permission: app | user | Can delete user>, <Permission: app | user | text per>, <Permission: app | user | text per2>, <Permission: auth | group | Can add group>, <Permission: auth | group | Can change group>, <Permission: auth | group | Can delete group>, <Permission: auth | permission | Can add permission>, <Permission: auth | permission | Can change permission>, <Permission: auth | permission | Can delete permission>, <Permission: contenttypes | content type | Can add content type>, <Permission: contenttypes | content type | Can change content type>, <Permission: contenttypes | content type | Can delete content type>, <Permission: sessions | session | Can add session>, <Permission: sessions | session | Can change session>, <Permission: sessions | session | Can delete session>]>

4 权限组

API 描述
user_obj.groups.set([group_list]) 用户设置权限组
user_obj.groups.add(group, group, …) 用户对象添加权限组
user_obj.groups.remove(group, group, …) 用户对象删权限组
user_obj.groups.clear() 用户对象清除所有权限组

4.1 权限组表结构

from django.contrib.auth.models import Group

class Group(models.Model):

name = models.CharField(max_length=80, unique=True) # 权限组名 
permissions = models.ManyToManyField(
    Permission,
    verbose_name=_('permissions'),
    blank=True,
) # 权限组对应的权限

4.2 操作权限组

新增权限组

from django.contrib.auth.models import Group
g_player = Group.objects.create(name='player')
g_player

<Group: player>

20190528102606-image.png

权限组添加权限

g_player.permissions.add(per1)
g_player.permissions.all()

<QuerySet [<Permission: app | user | text per>]>

g_player.permissions.add(per2)
g_player.permissions.all()

<QuerySet [<Permission: app | user | text per>, <Permission: app | user | text per2>]>

权限组删除权限

权限组清空权限

g_player.permissions.clear()
g_player.permissions.all()

<QuerySet []>

权限组添加用户

user_obj.groups.add(g_player) # user_obj用户被添加到g_player权限组中

或 >>> g_player.user_set.add(user_obj) # 一样的效果

user_obj.user_permissions.all()

<QuerySet []> # 为什么是空的???

因为之前已经把用户权限全部清空,用户被加到权限组后,

会拥有权限组的权限,但是并不是自己的权限,在数据库中没有记录,数据库只会记录用户在哪个权限组

如何查看用户是否拥有权限??

g_player.permissions.all() # 查看权限组g_player中的权限

<QuerySet [<Permission: app | user | text per>]> # 权限组g_player拥有per1权限

user_obj.has_perm('app.per1') # 校验用户是否拥有per1权限 -- content_type.codename

True

user_obj.has_perm('app.per2')

False

用户退出用户组

user_obj.groups.remove(g_player)

或 >>> g_player.user_set.remove(user_obj)

user_obj.groups.all()

<QuerySet []>

用户退出所有用户组

user_obj.groups.clear()
user_obj.groups.all()

<QuerySet []>

用户组中所有用户退出组
g_player.user_set.clear()
1

5 自定义权限

pass...

Last modification:November 5th, 2021 at 04:07 pm
© The copyright belongs to the author
If you think my article is useful to you, please feel free to appreciate

Leave a Comment