Django Privilege System Auth module

Auth module is a standard rights management system provided by Django, which can provide user authentication, user group and Rights Management .

Auth can be used in conjunction with the Admin module to quickly establish a website management system.

Add ' Django.contrib.auth ' to Installed_apps to use the app, Auth module is enabled by default.

User

User is the model of the relationship that maintains users ' information in the Auth module (inherited from models. Model), the table in the database is named Auth_User.

SQL description for user table:

CREATE TABLE"Auth_User" ("id" )integer  not NULL PRIMARY KEYautoincrement, "password"varchar( -) not NULL, "Last_login"datetime NULL, "Is_superuser" bool not NULL, "first_name"varchar( -) not NULL, "last_name"varchar( -) not NULL, "email"varchar(254) not NULL, "Is_staff" bool not NULL, "is_active" bool not NULL, "date_joined"datetime  not NULL, "username"varchar( -) not NULL UNIQUE)

The Auth module provides a lot of API management user information, and when necessary we can import the user table for operation, such as when other tables need to be associated with User:

 from Import User

Create user

user = User.objects.create_user (username, email, password)

To create a user object:

User.save ()

Here, you need to call the Save () method to save this new user to the database.

authmodule does not store user passwords plaintext instead stores a hash value, such as an iteration using the MD5 algorithm.

Certified Users

authenticatewhen using modules, import the modules first:

 from Import Authenticate

Pass the account and credentials using the keyword parameter:

user = Authenticate (username=username, Password=password)

The authentication user's password is valid, and if valid, returns the User object that represents it, or none if it is not valid.

It is important to note that the method does not check the is_active flag bit.

Modify User Password

The change password is an instance method of user, and the method does not authenticate users:

User.set_password (New_password)

Typically this method needs to be used in conjunction with authenticate:

user = Auth.authenticate (username=username, password=old_password)if is not None:    User.set_password (New_password)    user.save ()

Login

To import the module first:

 from Import Login

Login adds Session_key to the session for easy tracking of the user:

Login (request, user)

Login does not authenticate, nor does it check the is_active flag bit, which is used in general and authenticate:

user = Authenticate (username=username, password=password)if is not None:     if user.is_active:        Login (Request, user)

auth/__init__.pyyou can see the source code for login in.

Sign Out

Logout removes the user information from the request and refreshes the session:

 from Import Logout def Logout_view (Request):    logout (Request)

permission to judge, only allow logged-in user access

@login_requiredThe modifier-decorated view function first checks whether the login is logged through session key, the logged-on user can perform the operation normally, and the user who is not logged in will be redirected to login_url the specified location. If the Login_url parameter is not specified, it is redirected to settings.LOGIN_URL .

 from Import login_required@login_required (Login_url='/accounts/login/') def My_view (Request):     ...

Group

django.contrib.auth.models.GroupA model of the user group is defined, each user group owns id and name two fields, and the model is mapped to a data table in the database auth_group .

There is a groups many-to-many field named in the user object, and a many-to-many relationship is maintained by the auth_user_groups data table. The Group object can user_set query users in the user group by reverse.

We can add or remove user groups by creating a delete group object:

# Addgroup = Group.objects.create (name=group_name) group.save ()#  delgroup.delete ()

We can manage the relationship between users and user groups through standard multi-to-many field operations:

# user Join user group User.groups.add (Group) # or group.user_set.add (user) # user exits user group user.groups.remove (Group) # or group.user_set.remove (user) # user exits all user groups user.groups.clear () # all users in the user group exit Group Group.user_set.clear ()

Permission

Django's AUTH system provides model-level permission control, which allows you to check whether a user has add, change, or delete permissions on a data table.

The AUTH system is unable to provide object-level permission control, which is to check whether the user has permission to add or delete a record in the data table. Can be used if object-level permission control is required django-guardian .

Assuming there is a article data Sheet Management blog post in the blogging system, Auth can check whether a user has administrative rights to all posts , but cannot check whether the user has administrative rights on a blog post.

Check user Permissions

user.has_permmethod is used to check whether a user has permission to manipulate a model:

User.has_perm ('blog.add_article') user.has_perm ('blog.change_ Article') user.has_perm ('blog.delete_article')

The above statement checks to see if the user has the add permission to the article model in the app, and returns True if the permission is granted.

has_permIt is only a permission check, that is, the user does not have permissions and it does not prevent the programmer from performing related actions.

@permission_requiredAdorners can be substituted has_perm and redirected to the login page or throw an exception if the user does not have the appropriate permissions.

# permission_required (perm[, Login_url=none, Raise_exception=false]) @permission_required ('blog.add_article') def post_article (Request):     Pass

Each model has a default increment (add), change, delete (delete) permission. All permissions in the project are saved in the django.contrib.auth.models.Permission model.

The model is saved as a data table in the database auth_permission . Each permission has id ,, name , content_type_id codename four fields.

Manage User Permissions

User and permission are associated with many-to-many fields user.user_permissions and are maintained in the database by the auth_user_user_permissions data table.

# Add Permissions user.user_permissions.add (permission) #  user.user_permissions.delete (permission)#user.user_permissions.clear ()

It is a more convenient way to use user groups to manage permissions for users who have permissions on the user group. The group contains many-to-many fields permissions , which are maintained in the database by the auth_group_permissions data table.

#group.permissions.add (permission)#group.permissions.delete ( Permission)#group.permissions.clear ()

Custom Permissions

You can use meta-custom permissions when defining the model:

  Discussion (models. Model): ...  class   meta:permissions  = ((  " create_discussion  " ,  " can Create a discussion  "  ), (  reply_discussion   ", "  can reply discussion   "   

To determine whether a user has custom permissions:

User.has_perm ('blog.create_discussion')

Django Privilege System Auth module