added authentication and permission; added api document; hid audit columns from editable api

e2a6de98 · Administrator · cc988a2f · e2a6de98 · e2a6de98 · e2a6de98
Commit e2a6de98 authored Jun 03, 2024 by Administrator
--- a/django_rest/settings.py
+++ b/django_rest/settings.py
@@ -11,6 +11,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/
 """
 from pathlib import Path
+import os
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
@@ -26,7 +27,9 @@ SECRET_KEY = 'django-insecure-@*-b&ao&wt@5r7+td8b2z=p!ln0^$#eogbr873wo&o8dqgx%5z
 DEBUG = True
 ALLOWED_HOSTS = [
-    '150.158.130.176'
+    '150.158.130.176',
+    '192.168.1.51',
+    '*'
 ]
@@ -140,3 +143,24 @@ STATIC_URL = 'static/'
 # https://docs.djangoproject.com/en/4.2/ref/settings/#default-auto-field
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+STATIC_ROOT = os.path.join(BASE_DIR, "static")
+STATICFILES_DIRS = [
+    os.path.join(BASE_DIR, "staticfiles"),
+]
+REST_FRAMEWORK = {
+    "DEFAULT_SCHEMA_CLASS": "rest_framework.schemas.coreapi.AutoSchema",
+    "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
+    "PAGE_SIZE": 50,
+    "DATETIME_FORMAT": "%Y-%m-%d %H:%M:%S",
+    "DEFAULT_PERMISSION_CLASSES": [
+        "rest_framework.permissions.IsAuthenticated",
+    ],
+    "DEFAULT_AUTHENTICATION_CLASSES": [
+        "rest_framework.authentication.BasicAuthentication",
+        "rest_framework.authentication.SessionAuthentication",
+        "rest_framework.authentication.TokenAuthentication",
+    ]
+}
\ No newline at end of file
--- a/django_rest/urls.py
+++ b/django_rest/urls.py
@@ -16,8 +16,10 @@ Including another URLconf
 """
 from django.contrib import admin
 from django.urls import path, include
+from rest_framework.documentation import include_docs_urls
 urlpatterns = [
    path('admin/', admin.site.urls),
    path('my_app/', include('my_app.urls')),
+    path('docs/', include_docs_urls(title="DRF API文档", description="Django REST Framework快速入门"))
 ]
--- a/my_app/models.py
+++ b/my_app/models.py
@@ -11,18 +11,18 @@ from django.utils import timezone
 class DemoUsers(models.Model):
    user_id = models.AutoField(primary_key=True)
-    user_name = models.CharField(unique=True, max_length=255)
+    user_name = models.CharField(unique=True, max_length=255, help_text="用户名", verbose_name="用户名")
-    first_name = models.CharField(max_length=255, blank=True, null=True)
+    first_name = models.CharField(max_length=255, blank=True, null=True, help_text="名", verbose_name="名")
-    last_name = models.CharField(max_length=255, blank=True, null=True)
+    last_name = models.CharField(max_length=255, blank=True, null=True, help_text="姓", verbose_name="姓")
-    email = models.CharField(unique=True, max_length=255, blank=True, null=True)
+    email = models.CharField(unique=True, max_length=255, blank=True, null=True, help_text="邮箱地址", verbose_name="邮箱地址")
-    hashed_password = models.CharField(max_length=255)
+    hashed_password = models.CharField(max_length=255, help_text="密码哈希值", verbose_name="密码哈希值")
-    enabled_flag = models.BooleanField()
+    enabled_flag = models.BooleanField(help_text="是否有效", verbose_name="是否有效")
-    effective_from = models.DateTimeField()
+    effective_from = models.DateTimeField(help_text="有效期从", verbose_name="有效期从")
-    effective_to = models.DateTimeField(blank=True, null=True)
+    effective_to = models.DateTimeField(blank=True, null=True, help_text="有效期至", verbose_name="有效期至")
    created_by = models.CharField(max_length=255)
-    creation_date = models.DateTimeField()
+    creation_date = models.DateTimeField(auto_now_add=True)
    last_updated_by = models.CharField(max_length=255, blank=True, null=True)
-    last_update_date = models.DateTimeField(blank=True, null=True)
+    last_update_date = models.DateTimeField(auto_now=True, blank=True, null=True)
    class Meta:
        managed = False
@@ -31,11 +31,11 @@ class DemoUsers(models.Model):
    def __str__(self):
        return self.user_name
-    def save(self, *args, **kwargs):
+    # def save(self, *args, **kwargs):
-        # 检查对象是否存在数据库中，即判断是否有主键pk
+    #     # 检查对象是否存在数据库中，即判断是否有主键pk
-        if self.pk:  # 对象已存在，表示是更新操作
+    #     if self.pk:  # 对象已存在，表示是更新操作
-            # 在这里执行你希望在更新时发生的自动赋值逻辑
+    #         # 在这里执行你希望在更新时发生的自动赋值逻辑
-            self.last_update_date = timezone.now()  # 你的自定义更新逻辑
+    #         self.last_update_date = timezone.now()  # 你的自定义更新逻辑
-        else:
+    #     else:
-            self.creation_date = timezone.now()
+    #         self.creation_date = timezone.now()
-        super().save(*args, **kwargs)  # 调用父类的save方法完成保存
+    #     super().save(*args, **kwargs)  # 调用父类的save方法完成保存
--- a/my_app/serializers.py
+++ b/my_app/serializers.py
@@ -5,4 +5,4 @@ class DemoUsersSerializer(serializers.ModelSerializer):
    class Meta:
        model = DemoUsers
        fields = '__all__'
+        read_only_fields = ('created_by', 'last_updated_by')
--- a/my_app/views.py
+++ b/my_app/views.py
@@ -5,11 +5,22 @@
 from rest_framework import generics
 from .models import DemoUsers
 from .serializers import DemoUsersSerializer
+from rest_framework.permissions import IsAuthenticated
 class DemoUsersListCreateView(generics.ListCreateAPIView):
    queryset = DemoUsers.objects.all()
    serializer_class = DemoUsersSerializer
+    permission_classes = (IsAuthenticated,)
+    def perform_create(self, serializer):
+        print('user type in creation:', type(self.request.user))
+        serializer.save(created_by=self.request.user.username)
 class DemoUsersRetrieveUpdateDestroyView(generics.RetrieveUpdateDestroyAPIView):
    queryset = DemoUsers.objects.all()
    serializer_class = DemoUsersSerializer
+    permission_classes = (IsAuthenticated,)
+    def perform_update(self, serializer):
+        print('user type in update:', type(self.request.user))
+        serializer.save(last_updated_by=self.request.user.username)