added custom permission; added login/logout function

23d86193 · Administrator · f36e7f0f · 23d86193 · 23d86193
Commit 23d86193 authored Jun 04, 2024 by Administrator
--- a/django_rest/urls.py
+++ b/django_rest/urls.py
@@ -21,5 +21,6 @@ from rest_framework.documentation import include_docs_urls
 urlpatterns = [
    path('admin/', admin.site.urls),
    path('my_app/', include('my_app.urls')),
-    path('docs/', include_docs_urls(title="DRF API文档", description="Django REST Framework快速入门"))
+    path('docs/', include_docs_urls(title="DRF API文档", description="Django REST Framework快速入门")),
+    path('api-auth', include('rest_framework.urls'))
 ]
--- a/my_app/views.py
+++ b/my_app/views.py
@@ -14,12 +14,17 @@ from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework import status

+# Import for custom permission
+from my_app.permissions import CustomPermission
+
 """
 CBV - Class based views
 """
 # Used to query multiple items or create new item
 class DemoUserList(APIView):

+    permission_classes = [CustomPermission]
+
    # Query all items
    def get(self, request, format=None):
        demo_users = DemoUsers.objects.all()
@@ -28,6 +33,7 @@ class DemoUserList(APIView):

    # Create new item
    def post(self, request, format=None):
+
        serializer = DemoUsersSerializer(data=request.data)
        if serializer.is_valid():
            serializer.save(created_by=self.request.user.username)
@@ -42,6 +48,8 @@ class DemoUserList(APIView):
 # Used to query/update/delete single item
 class DemoUserDetail(APIView):

+    permission_classes = [IsAuthenticated]
+
    # Implementation of get single item
    def get_object(self, pk):
        try: