Ros*_*ote 7 authentication django permissions api-key django-rest-framework
我正在尝试使用令牌身份验证创建一个api.我的问题是我不希望令牌与用户帐户相关联,而是与帐户模型相关联.
例如:
class Account(models.Model):
slug = models.SlugField()
name = models.CharField(max_length=255)
website = models.URLField(blank=True, default='')
members = models.ManyToManyField(User, through='AccountMember')
class AccountMember(models.Model):
ADMIN = 1
MANAGER = 2
MEMBER = 3
ROLES = (
(ADMIN, 'administrator'),
(MANAGER, 'manager'),
(MEMBER, 'member'),
)
user = models.ForeignKey(User)
account = models.ForeignKey(Account)
role = models.PositiveSmallIntegerField(choices=ROLES)
date_joined = models.DateField(auto_now_add=True)
class Token(models.Model):
"""
The default authorization token model.
"""
key = models.CharField(max_length=40, primary_key=True)
account = models.ForeignKey(Account, related_name='auth_tokens')
only_allowed_ips = models.BooleanField(default=False)
ip_list = models.TextField(default='', blank=True)
created = models.DateTimeField(auto_now_add=True)
如您所见,有多个用户与一个帐户关联,因此将令牌分配给他们将是无用的.
我还希望能够为帐户添加多个令牌.
有谁知道我可以向这样的系统添加身份验证/权限的最佳方式?
您必须复制以下类:
django.contrib.auth.backends.ModelBackend:检查身份验证和权限 django.contrib.auth.middleware.AuthenticationMiddleware:设置与请求链接的帐户
可能您必须创建另一个 django.contrib.auth.models.Permission 来存储您的帐户相关权限
| 归档时间: |
|
| 查看次数: |
612 次 |
| 最近记录: |