慕课网-Django入门到进阶-更适合Python小白的系统课程-第7章Django中的用户权限的基本使用-7-6权限验证与cookie、session(2)
第7章 Django 中的用户权限的基本使用
7-6 权限验证与 cookie、session(2)
1.在项目 user 下目录 app,修改文件 views.py,修改类 A 的代码,修改成 404 错误
#coding:utf-8
from django.contrib.auth.models import User, Permission
from django.contrib.auth.hashers import make_password
from django.contrib.auth import login, logout, authenticate
from django.shortcuts import render, redirect, reverse
from django.views import View
from django.http import Http404
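class Regist(View):
    """Registration page: GET shows the form, POST creates the account."""

    TEMPLATE = 'regist.html'

    def get(self, request):
        """Render the form; an already signed-in user is redirected to the login route."""
        if request.user.is_authenticated:
            return redirect(reverse('login'))
        # The message is read from the query string and passed to the template
        # unchanged, so the page shows whatever text the link carries.
        # NOTE(review): this depends on the template leaving auto-escaping on
        # for `error` - confirm regist.html does not mark it as safe.
        error = request.GET.get('error', '')
        return render(request, self.TEMPLATE, {'error': error})

    def post(self, request):
        """Validate the submitted form and create the user.

        Every rejection redirects back to /regist with an ``error`` message;
        success redirects to the login route.
        """
        # Function-scope imports keep this class self-contained.
        from django.contrib.auth.password_validation import validate_password
        from django.core.exceptions import ValidationError
        from django.db import IntegrityError

        username = request.POST.get('username')
        password = request.POST.get('password')
        check_password = request.POST.get('check_password')

        # Reject missing fields up front: create_user() raises ValueError on
        # an empty username, and a password of None would silently create an
        # account with an unusable password.
        if not username or not password:
            return redirect('/regist?error=用户名和密码不能为空')
        if password != check_password:
            return redirect('/regist?error=密码不相同')
        if User.objects.filter(username=username).exists():
            return redirect('/regist?error=该用户已存在')

        # Apply the project's AUTH_PASSWORD_VALIDATORS; create_user() does
        # not run them on its own.
        try:
            validate_password(password)
        except ValidationError:
            return redirect('/regist?error=密码不符合要求')

        # create_user() hashes the password and saves the row, so no extra
        # save() is needed. Two concurrent requests can both pass the
        # exists() check above; the unique constraint then rejects the second.
        try:
            User.objects.create_user(username=username, password=password)
        except IntegrityError:
            return redirect('/regist?error=该用户已存在')
        return redirect(reverse('login'))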
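class Login(View):
    """Login page: GET shows the form, POST authenticates and opens a session."""

    TEMPLATE = 'login.html'

    def get(self, request):
        """Render the login form with the optional ``error`` message."""
        # The message is read from the query string and passed to the template
        # unchanged, so the page shows whatever text the link carries.
        # NOTE(review): this depends on the template leaving auto-escaping on
        # for `error` - confirm login.html does not mark it as safe.
        error = request.GET.get('error', '')
        return render(request, self.TEMPLATE, {'error': error})

    def post(self, request):
        """Check the submitted credentials and log the user in.

        A failed attempt redirects to /login with one generic message; a
        successful one redirects to /login after the session is set up.
        """
        username = request.POST.get("username")
        password = request.POST.get("password")

        # No separate "does this user exist" lookup: answering an unknown
        # username differently from a wrong password tells the caller which
        # usernames are registered. authenticate() returns None in both
        # cases, so both get the same response.
        user = authenticate(username=username, password=password)
        if user is None:
            # Absolute path: a relative 'login/?...' target would be resolved
            # against the current URL instead of the site root.
            return redirect('/login?error=用户名或密码错误')

        login(request, user)
        return redirect('/login')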
class LogoutUser(View):
    """Ends the current session and sends the browser to the login route."""

    def get(self, request):
        # NOTE(review): the session is ended on a plain GET, so any link or
        # embedded resource pointing at this URL logs the visitor out.
        logout(request)
        login_url = reverse('login')
        return redirect(login_url)
class A(View):
    """Page A: shown only to signed-in users holding ``app.look_a_page``."""

    TEMPLATE = 'a.html'

    def get(self, request):
        current_user = request.user
        # Anonymous visitors are sent to the login page.
        if not current_user.is_authenticated:
            return redirect('/login')
        # has_perm() takes the "<app label>.<codename>" string, so the
        # Permission row does not need to be fetched first.
        if current_user.has_perm('app.look_a_page'):
            return render(request, self.TEMPLATE)
        # A signed-in user without the permission gets a 404 response.
        raise Http404()
class B(View):
    """Page B. This version renders the template for every request:
    it performs no login check and no permission check."""

    TEMPLATE = 'b.html'

    def get(self, request):
        template_name = self.TEMPLATE
        return render(request, template_name)
2.测试

3.在项目 user 下命令行窗口测试组
# Interactive session: create a group named 'b', read it back, then list
# every permission row. A bare name on its own line makes the shell echo it.
from django.contrib.auth.models import Group, Permission

Group.objects.create(name='b')
group = Group.objects.get(name='b')
group

result = Permission.objects.all()
result

4.在命令行窗口进入 mysql 界面查看权限表
-- Switch to the project's database, list its tables, then dump the
-- permission table.
USE django_user;
SHOW TABLES;
SELECT * FROM auth_permission;

5.在项目 user 下命令行窗口进入 shell 界面测试
# Open Django's interactive shell; run from the project directory that holds manage.py.
python manage.py shell
6.在 shell 界面下测试
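# Interactive session: give group 'b' a set of permissions, then put the
# user into that group. A bare name on its own line makes the shell echo it.
from django.contrib.auth.models import User, Group, Permission

user = User.objects.get(username='dewei')
group = Group.objects.get(name='b')

# content_type_id=8 is a primary key from this particular database and will
# differ elsewhere. NOTE(review): presumably the content type of the model
# that declares the look_a_page / look_b_page permissions - confirm against
# auth_permission before reusing the number.
permissions = Permission.objects.filter(content_type_id=8)
permissions

# This grants the group EVERY permission of that content type, not only the
# page permission; narrow the filter by codename when that is all it needs.
for i in permissions:
    group.permissions.add(i)

group.permissions.values()

# The relation on User is named `groups`; the earlier `user.group.add(group)`
# attempt raised AttributeError and is left out.
user.groups.add(group)
user
user.groups.all()

# Lists only permissions assigned directly to the user; permissions that
# arrive through a group are not part of this relation.
user.user_permissions.values()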



7.在项目 user 下目录 app,修改文件 views.py,修改类 B 的代码
#coding:utf-8
from django.contrib.auth.models import User, Permission
from django.contrib.auth.hashers import make_password
from django.db.models import Q
from django.contrib.auth import login, logout, authenticate
from django.shortcuts import render, redirect, reverse
from django.views import View
from django.http import Http404
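class Regist(View):
    """Registration page: GET shows the form, POST creates the account."""

    TEMPLATE = 'regist.html'

    def get(self, request):
        """Render the form; an already signed-in user is redirected to the login route."""
        if request.user.is_authenticated:
            return redirect(reverse('login'))
        # The message is read from the query string and passed to the template
        # unchanged, so the page shows whatever text the link carries.
        # NOTE(review): this depends on the template leaving auto-escaping on
        # for `error` - confirm regist.html does not mark it as safe.
        error = request.GET.get('error', '')
        return render(request, self.TEMPLATE, {'error': error})

    def post(self, request):
        """Validate the submitted form and create the user.

        Every rejection redirects back to /regist with an ``error`` message;
        success redirects to the login route.
        """
        # Function-scope imports keep this class self-contained.
        from django.contrib.auth.password_validation import validate_password
        from django.core.exceptions import ValidationError
        from django.db import IntegrityError

        username = request.POST.get('username')
        password = request.POST.get('password')
        check_password = request.POST.get('check_password')

        # Reject missing fields up front: create_user() raises ValueError on
        # an empty username, and a password of None would silently create an
        # account with an unusable password.
        if not username or not password:
            return redirect('/regist?error=用户名和密码不能为空')
        if password != check_password:
            return redirect('/regist?error=密码不相同')
        if User.objects.filter(username=username).exists():
            return redirect('/regist?error=该用户已存在')

        # Apply the project's AUTH_PASSWORD_VALIDATORS; create_user() does
        # not run them on its own.
        try:
            validate_password(password)
        except ValidationError:
            return redirect('/regist?error=密码不符合要求')

        # create_user() hashes the password and saves the row, so no extra
        # save() is needed. Two concurrent requests can both pass the
        # exists() check above; the unique constraint then rejects the second.
        try:
            User.objects.create_user(username=username, password=password)
        except IntegrityError:
            return redirect('/regist?error=该用户已存在')
        return redirect(reverse('login'))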
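class Login(View):
    """Login page: GET shows the form, POST authenticates and opens a session."""

    TEMPLATE = 'login.html'

    def get(self, request):
        """Render the login form with the optional ``error`` message."""
        # The message is read from the query string and passed to the template
        # unchanged, so the page shows whatever text the link carries.
        # NOTE(review): this depends on the template leaving auto-escaping on
        # for `error` - confirm login.html does not mark it as safe.
        error = request.GET.get('error', '')
        return render(request, self.TEMPLATE, {'error': error})

    def post(self, request):
        """Check the submitted credentials and log the user in.

        A failed attempt redirects to /login with one generic message; a
        successful one redirects to /login after the session is set up.
        """
        username = request.POST.get("username")
        password = request.POST.get("password")

        # No separate "does this user exist" lookup: answering an unknown
        # username differently from a wrong password tells the caller which
        # usernames are registered. authenticate() returns None in both
        # cases, so both get the same response.
        user = authenticate(username=username, password=password)
        if user is None:
            # Absolute path: a relative 'login/?...' target would be resolved
            # against the current URL instead of the site root.
            return redirect('/login?error=用户名或密码错误')

        login(request, user)
        return redirect('/login')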
class LogoutUser(View):
    """Ends the current session and sends the browser to the login route."""

    def get(self, request):
        # NOTE(review): the session is ended on a plain GET, so any link or
        # embedded resource pointing at this URL logs the visitor out.
        logout(request)
        login_url = reverse('login')
        return redirect(login_url)
class A(View):
    """Page A: shown only to signed-in users holding ``app.look_a_page``."""

    TEMPLATE = 'a.html'

    def get(self, request):
        current_user = request.user
        # Anonymous visitors are sent to the login page.
        if not current_user.is_authenticated:
            return redirect('/login')
        # has_perm() takes the "<app label>.<codename>" string.
        if current_user.has_perm('app.look_a_page'):
            return render(request, self.TEMPLATE)
        # A signed-in user without the permission gets a 404 response.
        raise Http404()
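class B(View):
    """Page B: shown only to users who hold the ``look_b_page`` permission,
    either directly or through one of their groups. Everyone else gets a 404."""

    TEMPLATE = 'b.html'

    def get(self, request):
        """Render b.html for a permitted user, otherwise raise Http404."""
        # Anonymous visitors can never hold the permission; stop before
        # touching the database.
        if not request.user.is_authenticated:
            raise Http404()

        # NOTE(review): codename alone is not unique across apps; if another
        # app defines the same codename, first() may return that row.
        b_permission = Permission.objects.filter(codename='look_b_page').first()
        # Fail closed when the permission row is missing. Filtering a relation
        # against None is treated as an IS NULL test, so without this guard
        # the query below would match users who hold no permissions at all.
        if b_permission is None:
            raise Http404()

        # Ask the database about this one user instead of loading every
        # permitted user and scanning the list in Python.
        holds_permission = User.objects.filter(
            Q(groups__permissions=b_permission) | Q(user_permissions=b_permission),
            pk=request.user.pk,
        ).exists()
        if not holds_permission:
            raise Http404()
        return render(request, self.TEMPLATE)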
8.测试

posted on 2020-02-14 09:11 herisson_pan 阅读(7) 评论(0) 收藏 举报