07.Django中的自定义认证方式和权限的设计与使用

一：自定义认证方式

前提条件

1：建立简单的django工程

2：简单的login模块

3：基础的配置假设已经完成

4：User配置参考上一篇博客http://blog.csdn.net/gamer_gyt/article/details/50499653

以上如果哪点不明白，请查看前边章节诶的内容

login/views.py：

class LoginForm(forms.Form):
username=forms.CharField(label="username:",max_length=100)
email = forms.CharField(label = "email:" , max_length = 100)
pwd = forms.CharField(label = "password:" , widget=forms.PasswordInput)

def login(request):
if ('email' or 'pwd'or 'username') not in request.GET:
lf = LoginForm()
return render_to_response("login.html",{"lf":lf})
lf = LoginForm(request.GET)
name = lf.data['username']
email = lf.data['email']
pwd = lf.data['pwd']
try:
user = User.objects.get(email=email,username=name)
except User.DoesNotExist:
pass
    else:
return HttpResponse("login in:" +user.username + user.email)

login.html:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form method="get" enctype="multipart/form-data">
{{ lf.as_p }}
<input type="submit" value="OK">
</form>
</body>
</html>

启动服务

127.0.0.1:8080/logre/login



点击OK：



完工

二：权限设计与应用

新建一个blog模块，定义models.py:

class Blog(models.Model):
blog_title = models.CharField(blank=False,verbose_name="标题",max_length=20,unique=True)
#blank = False 表示该项必选
blog_time = models.DateTimeField(verbose_name="发表时间")
blog_content = models.TextField(blank=False,verbose_name="内容")
blog_seenum = models.IntegerField(verbose_name="浏览量",default=0)
def __unicode__(self):
return self.blog_title
class Meta:
db_table = "blog"
permissions=(
("can_view","can see blogs"),
("can_add","can add blogs"),
("can_edit","can edit blogs"),
("can_delete","can delete blogs"),
)

在admin.py中进行注册：

class BlogAdmin(admin.ModelAdmin):
list_display = ('blog_title','blog_time','blog_seenum')
list_filter = ('blog_title','blog_time','blog_seenum')
search_fields = ('blog_title','blog_time','blog_seenum')
fields = ('blog_title','blog_time','blog_content','blog_seenum')
ordering = ('-blog_time',)

admin.site.register(Blog,BlogAdmin)

新建注册页面：regeister.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form method="get" enctype="multipart/form-data">
{{ lf.as_p }}
<input type="submit" value="OK">
</form>
</body>
</html>

在logre的views模块中添加regeister函数

def regeister(request):
if ('email' or 'pwd'or 'username') not in request.GET:
lf = LoginForm()
return render_to_response("regeister.html",{"lf":lf})
lf = LoginForm(request.GET)
name = lf.data["username"]
email = lf.data['email']
pwd = lf.data['pwd']

user = User()
user.username= name
user.email = email
user.pwd = pwd
user.save()

user.user_permissions = [Permission.objects.get(codename="can_view"),Permission.objects.get(codename='can_add')]
user.save()
return HttpResponseRedirect('/logre/login')

修改login函数为：

def login(request):
if ('email' or 'pwd'or 'username') not in request.GET:
lf = LoginForm()
return render_to_response("login.html",{"lf":lf})
lf = LoginForm(request.GET)
name = lf.data['username']
email = lf.data['email']
pwd = lf.data['pwd']
try:
user = User.objects.get(email=email,username=name)
except User.DoesNotExist:
pass
    else:
if user.check_password(pwd):
if user.has_perm('blog.can_view'):
return HttpResponse("you can see blogs")
return HttpResponse("you can not  see blogs")

注册登录：

you can see blogs