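Tables in Auth
Introduction
1. User: User is the relational model in the auth module that maintains user information (it inherits from models.Model). Its table in the database is named auth_user.
2. Group: the User object has a many-to-many field named groups; the many-to-many relationship is maintained by the auth_user_groups table.
3. A Group object can reverse-query the users in the group through user_set.
4. Permission: Django's auth system provides model-level permission control, that is, it can check whether a user has the add, change, or delete permission on a given table.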
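The auth tables in the database
Commonly used attributes and methods of the User model
- username: the user name.
- email: the e-mail address.
- groups: many-to-many groups.
- user_permissions: many-to-many user permissions.
- is_staff: whether the user is an admin-site administrator.
- is_active: whether the account is activated; determines whether the user can be used.
- is_superuser: whether the user is a superuser.
- last_login: time of the last login.
- date_joined: registration time.
- is_authenticated: whether the user has been authenticated.
- is_anonymous: whether the user is anonymous.
- set_password(raw_password): sets the password; pass in the raw password.
- check_password(raw_password): checks the password.
- has_perm(perm): checks whether the user has a given permission.
- has_perms(perm_list): checks whether the user has the permissions in the given list.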
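Authentication functions in Auth
- create_user: creates a user.
- authenticate: verifies the login credentials.
- login: remembers the user's login state.
- logout: logs the user out.
- is_authenticated: checks whether the user is logged in.
- login_required: decorator that checks whether the user is logged in.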
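Logic design
1. Use the built-in auth_user table to store user registration information.
2. Use login, logout and authenticate from the auth system to implement login, logout and login verification.
3. Set login requirements on the views in blog.
4. Set a user permission on adding a blog post.
### Note
For this login and registration example, we replaced the model class we defined ourselves earlier with the User model class from the auth system. The User class has the same username, password and email fields, so we can keep using the earlier form and the earlier templates.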
Implementing login and registration
Step 1: import the packages and modify the classes
```python
# Import the required packages
from django.contrib.auth import login, logout, authenticate
from django.contrib.auth.models import User, Permission, Group

# Modify the login and registration classes respectively
# ---------------- Model changes in registration ----------------
# Do not use the self-defined UserModel; use the User model from auth directly
# UserModel.objects.create(username=username, password=password, email=email)  # original code
# create_user hashes the password before saving it
User.objects.create_user(username=username, password=password, email=email)

# ---------------- Model changes in login ----------------
# user = UserModel.objects.filter(username=username, password=password)  # original code
# authenticate checks the submitted password against the stored hash and returns None on failure
user = authenticate(username=username, password=password)
```
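Why the switch from create/filter to create_user/authenticate matters: create() writes the raw password into the column and filter(password=...) compares against it, while create_user stores a salted hash that only check_password can verify. The added example below (standard library only, not Django's code and not from the original post) mimics Django's pbkdf2_sha256 storage format; the function names, the iteration count and the sample rows are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed for the example; Django's default depends on the version


def make_password(raw_password, salt=None, iterations=ITERATIONS):
    """Encode in the pbkdf2_sha256 layout: algorithm$iterations$salt$base64(hash)."""
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", raw_password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(digest).decode())


def check_password(raw_password, encoded):
    """Re-derive the hash with the stored salt and compare in constant time."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return False  # a raw password sitting in the column is not a valid hash
    candidate = make_password(raw_password, parts[2], int(parts[1]))
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def filter_login(row, username, password):
    """Old approach: UserModel.objects.filter(username=..., password=...)."""
    return row["username"] == username and row["password"] == password


def authenticate(row, username, password):
    """New approach: find the user by name, then verify the password hash."""
    return row["username"] == username and check_password(password, row["password"])


# Constructed rows: what create() and create_user() would leave in the table.
plain_row = {"username": "xixi", "password": "qwe123"}
hashed_row = {"username": "xixi", "password": make_password("qwe123")}

if __name__ == "__main__":
    print("stored by create_user:", hashed_row["password"])
    print("filter on hashed row :", filter_login(hashed_row, "xixi", "qwe123"))
    print("authenticate, hashed :", authenticate(hashed_row, "xixi", "qwe123"))
    print("authenticate, plain  :", authenticate(plain_row, "xixi", "qwe123"))
```

A row written with create() fails authenticate even with the right password, which is why registration and login have to be switched together.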
Step 2: use the auth system to keep the login state
```python
from django.shortcuts import redirect
from django.urls import reverse

# -------------- State-keeping change in login --------------
if user:
    # request.session[username] = username
    login(request, user)

# -------------- Change in logout --------------
def logout_view(request):
    # request.session.flush()
    logout(request)
    return redirect(reverse('ss_form_home'))
```
Step 3: use the two decorators
Configure the login URL in settings:

```python
LOGIN_URL = '/ts44/login/'
```

Add the login_required decorator to views that require login:

```python
from django.contrib.auth.decorators import login_required
from django.shortcuts import render

@login_required
def index(request):
    return render(request, 'blog/demo_index.html')
```

Using next_url:

```python
if user:
    # In the redirect to the login page just now we see a next parameter;
    # it is the URL of the view that required login.
    login(request, user)
    # next is read from the query string, so it is user-controlled input
    next_url = request.GET.get('next')
    if next_url:
        print(next_url)
        return redirect(next_url)
    return redirect(reverse('ts44_home'))
```

The permission_required decorator, written as @permission_required('appname.codename') where codename is the permission name. Set a permission on the add-blog view in the blog app:

```python
from django.contrib.auth.decorators import permission_required

@permission_required('blog.add_blogmodel')  # require a permission on a model class
def add_get_post(request):
    if request.method == 'GET':  # handle GET and POST requests separately
        return render(request, 'blog/demo_add.html')
    elif request.method == 'POST':
        title = request.POST.get('title')
        content = request.POST.get('content')
        blog = BlogModel(title=title, content=content)
        blog.save()
        return redirect(reverse('add_cls_def'))
```

Grant a permission to a specific object:

```python
# Add a user
# User.objects.create_user(username='xixi', password='qwe123', email='12345@qq.com')
# Change the password
xixi = User.objects.filter(username='xixi').first()
# taka.set_password('qwe123')
# taka.save()
# Give taka the permission to add BlogModel
permission = Permission.objects.filter(codename='add_blogmodel').first()
# print(permission)
# taka.user_permissions.add(permission)
```
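The next_url redirect above sends the browser to whatever the next query parameter contains, so a login link whose next points at another site turns the login page into an open redirect. The following added example (not part of the original post) is a standard-library sketch of the check to run before redirect(next_url); the function names, the testserver host and the fallback path are assumptions, and Django ships its own helper for this in django.utils.http (is_safe_url in Django 2.0, url_has_allowed_host_and_scheme from 3.0).

```python
from urllib.parse import urlsplit


def is_safe_next(target, allowed_hosts, require_https=False):
    """Return True if target stays on one of allowed_hosts (hypothetical helper)."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and collapse extra slashes, so "/\evil.example"
    # and "///evil.example" would both leave the site.
    if "\\" in target or target.startswith("///"):
        return False
    # Control characters are handled differently by URL parsers and browsers.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # for example a malformed IPv6 literal
        return False
    # A scheme without a host ("javascript:...") is never a local path.
    if parts.scheme and not parts.netloc:
        return False
    # "//evil.example/x" and "https://evil.example/x" both carry a netloc.
    if parts.netloc and parts.netloc not in allowed_hosts:
        return False
    allowed_schemes = ("https",) if require_https else ("http", "https")
    if parts.scheme and parts.scheme not in allowed_schemes:
        return False
    return True


def resolve_next(next_param, allowed_hosts, fallback):
    """Redirect target for the login view: next if it is safe, else fallback."""
    candidate = (next_param or "").strip()
    return candidate if is_safe_next(candidate, allowed_hosts) else fallback


# Constructed inputs: the site is served as "testserver" and '/ts44/home/'
# stands in for reverse('ts44_home').
HOSTS = {"testserver"}
CASES = ["/blog/add/", "http://testserver/blog/add/", "https://evil.example/",
         "//evil.example/x", "/\\evil.example", "javascript:alert(1)", None]

if __name__ == "__main__":
    for case in CASES:
        print(repr(case), "->", resolve_next(case, HOSTS, "/ts44/home/"))
```

In the login view this replaces the bare redirect(next_url) with redirect(resolve_next(request.GET.get('next'), {request.get_host()}, reverse('ts44_home'))).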
The Permission model
```
mysql> select * from auth_permission;
+----+-------------------------+-----------------+--------------------+
| id | name                    | content_type_id | codename           |
+----+-------------------------+-----------------+--------------------+
|  1 | Can add log entry       |               1 | add_logentry       |
|  2 | Can change log entry    |               1 | change_logentry    |
|  3 | Can delete log entry    |               1 | delete_logentry    |
|  4 | Can view log entry      |               1 | view_logentry      |
|  5 | Can add permission      |               2 | add_permission     |
|  6 | Can change permission   |               2 | change_permission  |
|  7 | Can delete permission   |               2 | delete_permission  |
|  8 | Can view permission     |               2 | view_permission    |
|  9 | Can add group           |               3 | add_group          |
| 10 | Can change group        |               3 | change_group       |
| 11 | Can delete group        |               3 | delete_group       |
| 12 | Can view group          |               3 | view_group         |
| 13 | Can add user            |               4 | add_user           |
| 14 | Can change user         |               4 | change_user        |
| 15 | Can delete user         |               4 | delete_user        |
| 16 | Can view user           |               4 | view_user          |
| 17 | Can add content type    |               5 | add_contenttype    |
| 18 | Can change content type |               5 | change_contenttype |
| 19 | Can delete content type |               5 | delete_contenttype |
| 20 | Can view content type   |               5 | view_contenttype   |
| 21 | Can add session         |               6 | add_session        |
| 22 | Can change session      |               6 | change_session     |
| 23 | Can delete session      |               6 | delete_session     |
| 24 | Can view session        |               6 | view_session       |
| 25 | Can add department      |               7 | add_department     |
| 26 | Can change department   |               7 | change_department  |
| 27 | Can delete department   |               7 | delete_department  |
| 28 | Can view department     |               7 | view_department    |
| 29 | Can add student         |               8 | add_student        |
| 30 | Can change student      |               8 | change_student     |
| 31 | Can delete student      |               8 | delete_student     |
| 32 | Can view student        |               8 | view_student       |
| 33 | Can add book info       |               9 | add_bookinfo       |
| 34 | Can change book info    |               9 | change_bookinfo    |
| 35 | Can delete book info    |               9 | delete_bookinfo    |
| 36 | Can view book info      |               9 | view_bookinfo      |
| 37 | Can add user            |              10 | add_user           |
| 38 | Can change user         |              10 | change_user        |
| 39 | Can delete user         |              10 | delete_user        |
| 40 | Can view user           |              10 | view_user          |
+----+-------------------------+-----------------+--------------------+
40 rows in set (0.00 sec)
```
Changes to the business logic
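### Rewriting the views

```python
def home1(request):
    # '未登录' means "not logged in"
    username = request.session.get('username', '未登录')  # rewritten for auth
    return render(request, 'user/home.html', context={'username': username})

def logout_auth(request):
    # Logout logic
    # 1. Clear the login state held in the session
    # request.session.flush()
    logout(request)  # rewritten for auth
    return redirect(reverse('home1'))
```

### URL patterns

```python
path('login_auth/', views.login_auth, name="login_auth"),  # login page backed by the user table
# Each route needs its own name; the original reused "login_auth" here
path('logout_auth/', views.logout_auth, name="logout_auth"),  # logout page backed by the user table
```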
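Implementing permissions
Note
Carried out under the project look
Summary
Overview
The main things to understand are users, permissions and groups
Use the auth methods to rewrite the earlier login, logout and other business logic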
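Knowledge review
1. Creating a Django project
   - mtv + Tab
   - pip install django==2.0.10
   - python manage.py startproject
   - python manage.py startapp <sub-app name>
   - Register the sub-app
   - URL routing and template rendering
     - urls.py
     - from django.urls import path, include
     - urlpatterns is a list responsible for path matching
     - Matching rule: top to bottom, left to right
     - If there is a handler function, data is returned; if not, 404 is returned
   - Ways to render a template
     - render()
     - Parameters: request, template_name, context
     - Syntax: {{name}}
     - Filters: |
     - Filter pipe: |
2. Template tags
   - {% %}
   - Appear in pairs, for example: block, load, url
3. Model basics
   - Inherit from models.Model
   - ORM, MySQL
   - Relationships between database tables
   - Attribute ---> field type ---> field type
   - Common commands
     - python manage.py makemigrations [an app can be specified]: generate the migration files
     - python manage.py migrate: run the migrations
4. Common queries and table relationships
   - all()
   - get()
   - filter()
   - Table relationships: one-to-many, one-to-one, many-to-many
   - Foreign key association

         # Cascade delete: deleting the "one" side also deletes the "many" side (pulled up by the roots)
         book = models.ForeignKey('User', on_delete=models.CASCADE)

   - Getting all rows in a one-to-many query: the lowercase class name of the "many" side
5. Small blog example and additions to models
   - Implement login and registration; template extraction (extracting static pages)
   - Difference between static and dynamic pages
   - Security, compatibility and version issues
   - Additions to models:

         class Meta:
             db_table = "数据库表名"  # placeholder: the database table name

         def __str__(self):
             return self.name

   - Requests and responses
     - http: Hypertext Transfer Protocol, application layer, plaintext, stateless
     - https: same as above, encrypted
     - request, HttpResponse
     - JsonResponse
   - State keeping: cookie and session
   - Forms
     - Django built-in, form submission, cookie
     - path: the path parameter
     - method: specifies the request method, GET or POST
     - form
6. Middleware and context processors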
