07.Django中的自定義認證方式和許可權的設計與使用
阿新 • • 發佈:2019-01-01
一:自定義認證方式
前提條件
1:建立簡單的django工程
2:簡單的login模組
3:基礎的配置假設已經完成
以上如果哪點不明白,請檢視前邊章節誒的內容
login/views.py:
class LoginForm(forms.Form):
username=forms.CharField(label="username:",max_length=100)
email = forms.CharField(label = "email:" , max_length = 100)
pwd = forms.CharField(label = "password:" , widget =forms.PasswordInput)
def login(request):
if ('email' or 'pwd'or 'username') not in request.GET:
lf = LoginForm()
return render_to_response("login.html",{"lf":lf})
lf = LoginForm(request.GET)
name = lf.data['username']
email = lf.data['email']
pwd = lf.data['pwd']
try :
user = User.objects.get(email=email,username=name)
except User.DoesNotExist:
pass
else:
return HttpResponse("login in:" +user.username + user.email)
login.html:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title> Title</title>
</head>
<body>
<form method="get" enctype="multipart/form-data">
{{ lf.as_p }}
<input type="submit" value="OK">
</form>
</body>
</html>
啟動服務
127.0.0.1:8080/logre/login
點選OK:
完工
二:許可權設計與應用
新建一個blog模組,定義models.py:
class Blog(models.Model):
blog_title = models.CharField(blank=False,verbose_name="標題",max_length=20,unique=True)
#blank = False 表示該項必選
blog_time = models.DateTimeField(verbose_name="發表時間")
blog_content = models.TextField(blank=False,verbose_name="內容")
blog_seenum = models.IntegerField(verbose_name="瀏覽量",default=0)
def __unicode__(self):
return self.blog_title
class Meta:
db_table = "blog"
permissions=(
("can_view","can see blogs"),
("can_add","can add blogs"),
("can_edit","can edit blogs"),
("can_delete","can delete blogs"),
)
在admin.py中進行註冊:
class BlogAdmin(admin.ModelAdmin):
list_display = ('blog_title','blog_time','blog_seenum')
list_filter = ('blog_title','blog_time','blog_seenum')
search_fields = ('blog_title','blog_time','blog_seenum')
fields = ('blog_title','blog_time','blog_content','blog_seenum')
ordering = ('-blog_time',)
admin.site.register(Blog,BlogAdmin)
新建註冊頁面:regeister.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form method="get" enctype="multipart/form-data">
{{ lf.as_p }}
<input type="submit" value="OK">
</form>
</body>
</html>
在logre的views模組中新增regeister函式
def regeister(request):
if ('email' or 'pwd'or 'username') not in request.GET:
lf = LoginForm()
return render_to_response("regeister.html",{"lf":lf})
lf = LoginForm(request.GET)
name = lf.data["username"]
email = lf.data['email']
pwd = lf.data['pwd']
user = User()
user.username= name
user.email = email
user.pwd = pwd
user.save()
user.user_permissions = [Permission.objects.get(codename="can_view"),Permission.objects.get(codename='can_add')]
user.save()
return HttpResponseRedirect('/logre/login')
修改login函式為:
def login(request):
if ('email' or 'pwd'or 'username') not in request.GET:
lf = LoginForm()
return render_to_response("login.html",{"lf":lf})
lf = LoginForm(request.GET)
name = lf.data['username']
email = lf.data['email']
pwd = lf.data['pwd']
try:
user = User.objects.get(email=email,username=name)except User.DoesNotExist:
pass
else:
if user.check_password(pwd):
if user.has_perm('blog.can_view'):
return HttpResponse("you can see blogs")
return HttpResponse("you can not see blogs")
註冊登入:
you can see blogs