Python 将用户凭据从Tastypie传递到Django模型
我在Django Tastypie中使用自定义身份验证,当身份验证成功时,它将返回用户名和密码。在ModelResource实例中,身份验证成功后,用户名和密码可用:Python 将用户凭据从Tastypie传递到Django模型,python,django,tastypie,Python,Django,Tastypie,我在Django Tastypie中使用自定义身份验证,当身份验证成功时,它将返回用户名和密码。在ModelResource实例中,身份验证成功后,用户名和密码可用: class TestResource(ModelResource): class Meta: queryset = Test.remote_supported.get_all(username,password) resource_name = 'test' filteri
class TestResource(ModelResource):
class Meta:
queryset = Test.remote_supported.get_all(username,password)
resource_name = 'test'
filtering = {
'id' : ALL,
}
detail_allowed_methods = ['get', 'post', 'patch']
authorization = Authorization()
authentication = MyCustomAuth()
always_return_data = True
def __init__(self, api_name=None):
self.username = None
self.password = None
super(TestResource, self).__init__(api_name)
def is_authenticated(self, request):
auth_result = self._meta.authentication.is_authenticated(request)
if isinstance(auth_result, HttpResponse):
raise ImmediateHttpResponse(response=auth_result)
if not auth_result is True:
raise ImmediateHttpResponse(response=http.HttpUnauthorized())
# this is where I receive the username and password from my custom auth
self.username, self.password = self._meta.authentication.get_credentials()
这段代码显然不起作用,因为那个用户名和密码在元类中不可用,即使是,更改它也不会影响这个实例,而是所有实例,这不是我的意图,因为用户名和密码的范围应该是每个RESTful查询
这就是我的模型的样子:
class RemoteAuthSupported(models.Manager):
def get_all(self, username, password):
# ... here I do some custom operations with the username and password
return super(RemoteAuthSupported, self).get_query_set()
class Test(models.Model):
objects = models.Manager()
remote_supported = RemoteAuthSupported()
# ... the field declarations follow here ... #
我尝试这样做的原因是,我在Django应用程序中使用了一个非ORM数据源,它需要自己的身份验证,但用户名和密码相同。处理此参数从Tastypie ModelResource传递到Django模型的方法是什么?我可能应该在这里提到,没有使用任何用户模型。您可以做的是覆盖返回请求资源列表的
obj\u get\u list
方法。此外,您还可以将用户名和密码设置为请求
对象本身,以便将参数带入请求-响应路径。此外,还需要将queryset
设置为all()
或者反过来,您可以添加自定义授权来过滤对象列表。请求
属性部分仍然有效
class MyAuth(Authorization):
def authorized_read_list(self, objects, bundle):
request = bundle.request
return objects.get_all(request.username, request.password)
如果您更愿意使用get\u all
模拟queryset
,而不仅仅是交替列表端点,那么您可以覆盖get\u object\u list
def get_object_list(self, request):
original = super(TestResource, self).get_object_list(request)
return original.get_all(request.username, request.password)
我查看了Tastype文档,似乎以下内容可以作为一个解决方案,尽管是业余的:
class TestResource(ModelResource):
class Meta:
queryset = Test.remote_supported.get_all('dummyusername','dummypassword')
resource_name = 'test'
filtering = {
'id' : ALL,
}
detail_allowed_methods = ['get', 'post', 'patch']
authorization = Authorization()
authentication = MyCustomAuth()
always_return_data = True
def get_object_list(self, request):
"""
This method calls a clone of the queryset declared in the Metaclass.
It is called every time a query is executed.
Here the actual username and password is passed to the model.
"""
return Site.remote_supported.get_all(self.username,self.password)
问题是queryset声明在元类中只发生一次,而不是每次查询,因此从http请求获取的用户名和密码无法传递到元级别的查询。但是由于
get\u object\u list()
克隆了声明并使用updates参数值执行实际调用,这就完成了任务。它对我很有用,但我觉得应该有更好的解决方案。为什么我必须使用all()
?根据,它不是必要性。它不是必要性,但tastypie从queryset
属性推断出一些数据,包括模型类。如果将get\u all
方法添加到查询集,则可以始终过滤任何查询集,而无需ModelManager。由相应的ModelManager方法备份的自定义queryset方法确实使生活更轻松
class TestResource(ModelResource):
class Meta:
queryset = Test.remote_supported.get_all('dummyusername','dummypassword')
resource_name = 'test'
filtering = {
'id' : ALL,
}
detail_allowed_methods = ['get', 'post', 'patch']
authorization = Authorization()
authentication = MyCustomAuth()
always_return_data = True
def get_object_list(self, request):
"""
This method calls a clone of the queryset declared in the Metaclass.
It is called every time a query is executed.
Here the actual username and password is passed to the model.
"""
return Site.remote_supported.get_all(self.username,self.password)