django rest框架的字段级权限
djangorestframework-fine-permissions的Python项目详细描述
rest框架的新权限可能性
安装
从pypi安装包:
# Installs the package from PyPI. No version is pinned here; pin an exact
# version in your requirements file for repeatable deployments.
pip install djangorestframework-fine-permissions
配置 settings.py 模块:
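# settings.py (excerpt): register the app and make its checks the DRF defaults.
INSTALLED_APPS = (
    # ... keep the project's existing apps here ...
    'rest_framework_fine_permissions',
)

REST_FRAMEWORK = {
    'DEFAULT_FILTER_BACKENDS': (
        # Enable the filter permission backend for all GenericAPIView
        'rest_framework_fine_permissions.filters.FilterPermissionBackend',
    ),
    # These are defaults only: a view that declares its own
    # `permission_classes` replaces this tuple, so it must list these
    # classes again to keep the same checks.
    'DEFAULT_PERMISSION_CLASSES': (
        # Enable the django model permissions (view,create,delete,modify)
        'rest_framework_fine_permissions.permissions.FullDjangoModelPermissions',
        # OPTIONAL if you use FilterPermissionBackend and GenericAPIView.
        # Check filter permissions for objects.
        'rest_framework_fine_permissions.permissions.FilterPermission',
    ),
    # NOTE: no authentication classes are configured in this excerpt. The curl
    # example on this page sends an "Authorization: Token ..." header, which
    # only works once token authentication is enabled in the project.
}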
同步django的数据库:
# Creates the database tables for the newly installed app.
# `syncdb` was removed in Django 1.9; on later versions run
# `python manage.py migrate` instead.
python manage.py syncdb
编辑 urls.py 模块:
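# Project urls.py (excerpt): the admin site plus the routes shipped with
# rest_framework_fine_permissions.
from django.conf.urls import url
from django.contrib import admin
from rest_framework_fine_permissions.urls import urlpatterns as drffp_urls

urlpatterns = [
    url(r'^admin/', admin.site.urls),
]

# NOTE(review): the package's routes are appended at the site root with no
# prefix. Check which endpoints they add and who can reach them before
# deploying.
urlpatterns += drffp_urls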
用法
- Go to the django admin page
- Add field’s permissions to a user with the “User fields permissions” link
- Add filter’s permissions to a user with the “User filters permissions” link
示例
models.py:
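from django.db import models
from django.db.models import Sum


class PollsChoice(models.Model):
    """Answer option of a PollsQuestion, with its vote count."""

    id = models.IntegerField(primary_key=True)
    choice_text = models.CharField(max_length=200)
    votes = models.IntegerField()
    # on_delete is spelled out because Django 2.0+ requires it; CASCADE is
    # what older versions applied implicitly, so behaviour is unchanged.
    question = models.ForeignKey('PollsQuestion', on_delete=models.CASCADE)

    class Meta:
        # Custom "view" permission checked for read access.
        # Django 2.1+ creates a `view_<model>` permission for every model; on
        # those versions this entry duplicates the built-in codename and
        # should be dropped.
        permissions = (
            ('view_pollschoice', 'Can view pollschoice'),
        )


class PollsQuestion(models.Model):
    """Poll question; exposes its choices and their vote total as properties."""

    id = models.IntegerField(primary_key=True)
    question_text = models.CharField(max_length=200)
    pub_date = models.DateTimeField()

    class Meta:
        # Same remark as on PollsChoice.Meta about Django 2.1+.
        permissions = (
            ('view_pollsquestion', 'Can view pollsquestion'),
        )

    @property
    def sum_votes(self):
        """Return the sum of `votes` over this question's choices.

        The aggregate yields None when the question has no choices.
        """
        return self.pollschoice_set.aggregate(total=Sum('votes'))['total']

    @property
    def choices(self):
        """Return the queryset of all choices attached to this question."""
        return self.pollschoice_set.all()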
serializers.py:
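import datetime

from django.utils import timezone
from rest_framework import serializers
from rest_framework_fine_permissions.fields import ModelPermissionsField
from rest_framework_fine_permissions.serializers import ModelPermissionsSerializer

from . import models


class PollsChoiceSerializer(ModelPermissionsSerializer):
    """Serializer for PollsChoice.

    Meta declares no `fields`; presumably the base class derives the visible
    fields from the requesting user's field permissions (confirm against the
    package documentation).
    """

    class Meta:
        model = models.PollsChoice


class PollsQuestionSerializer(ModelPermissionsSerializer):
    """Serializer for PollsQuestion with two computed fields and nested choices."""

    was_published_recently = serializers.SerializerMethodField()
    # Reads the `sum_votes` property of the model.
    votes = serializers.IntegerField(source='sum_votes')
    # Nested choices rendered through PollsChoiceSerializer.
    # NOTE(review): verify that the nested output is limited by the user's
    # field permissions on PollsChoice as well, not only on PollsQuestion.
    choices = ModelPermissionsField(PollsChoiceSerializer)

    class Meta:
        model = models.PollsQuestion

    def get_was_published_recently(self, obj):
        """Return True when `obj.pub_date` lies within the last day."""
        return obj.pub_date >= timezone.now() - datetime.timedelta(days=1)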
views.py:
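from . import models
from . import serializers
from rest_framework import generics


class PollsChoiceDetail(generics.RetrieveUpdateDestroyAPIView):
    """Detail endpoint for one PollsChoice.

    RetrieveUpdateDestroyAPIView serves GET as well as PUT, PATCH and DELETE.
    The view sets no `permission_classes`, so the checks come from
    DEFAULT_PERMISSION_CLASSES in the project settings.
    """

    queryset = models.PollsChoice.objects.all()
    # NOTE(review): confirm that the field permissions enforced by this
    # serializer restrict writes (PUT/PATCH) as well as reads.
    serializer_class = serializers.PollsChoiceSerializer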
urls.py:
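# App urls.py (excerpt): detail route for a poll question.
# `patterns` is not used in this excerpt, and Django 1.10 removed it from
# django.conf.urls; drop it from the import on newer versions.
from django.conf.urls import patterns, url
from rest_framework.urlpatterns import format_suffix_patterns

from . import views

# NOTE(review): the views.py listing on this page defines PollsChoiceDetail
# only; PollsQuestionDetail has to exist in views.py for this route to resolve.
urlpatterns = [
    # The stray comma that preceded this entry was a syntax error and is removed.
    url(r'^pollsquestion/(?P<pk>\w+)$',
        views.PollsQuestionDetail.as_view(),
        name='pollsquestion-all-detail'),
]

# suffix_required=True: only URLs carrying a format suffix (e.g. ".json") match.
urlpatterns = format_suffix_patterns(urlpatterns, suffix_required=True)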
创建一个没有staff和superuser状态的用户,并添加他的权限:
然后添加用户字段权限:
您终于可以调用您的webservice:
$ curl -X GET -H "Authorization: Token TOKEN" -H "Accept: application/json; indent=4" http://127.0.0.1/webservice/pollsquestion/1.json
{"choices": [{"choice_text": "Yes", "id": 1, "votes": 5}, {"choice_text": "No", "id": 2, "votes": 2}], "id": 1, "pub_date": "2017-01-08T09:00:00", "question_text": "Is this a question ?", "votes": 7, "was_published_recently": false}
导入/导出
要导出字段的权限,可以使用以下命令:
# Writes myuser's field permissions to stdout, redirected here to a file
# (presumably JSON, going by the file name).
# /tmp is shared between local accounts: if the dump will be loaded back
# later, write it to a directory only you can access, because its content
# decides which permissions get granted on import.
python manage.py fine_permissions_dump myuser > /tmp/myuserfieldsperms.json
要导入字段的权限,可以使用以下命令:
# Loads the field permissions stored in the dump file for `anotheruser`
# (presumably -u names the target user).
# The file content determines what that user is granted, so load only a dump
# whose origin and content you have checked.
python manage.py fine_permissions_load -u anotheruser /tmp/myuserfieldsperms.json