如何使用Django Rest Framework在React前端上使用Django用户组和权限
[英]How to use Django User Groups and Permissions on a React Frontend with Django Rest Framework
问题描述
I am using Django Rest Framework with React on the Frontend. 
我正在前端使用带有React的Django Rest Framework。 I am using Token Athentication and its all working fine. 我正在使用令牌Athentication,并且一切正常。 I now have a requirement of making sure different users can access different things depending on their rights. 现在,我需要确保不同的用户可以根据其权限访问不同的内容。 This is possible using Django admin but my users will be using the React frontend. 使用Django admin可以实现,但是我的用户将使用React前端。
I looked through Django Rest permissions but I didnt see how I can use this on my React Frontend. 我浏览了Django Rest权限,但没有看到如何在我的React Frontend上使用它。 I also looked at Django guardian but I am not sure if its what I need for my requirement. 我也看了看Django的守护者,但我不确定它是否满足我的要求。 I have looked through many tutorials and articles but I can't seem to find any straight forward way to achieve this. 我浏览了许多教程和文章,但似乎找不到任何直接的方法来实现这一目标。
Here is the approach I have used sofar: Created a Serializer for the inbuilt User Model, then Created a ViewSet and I can now access the list of users through the api. 这是我使用过的方法:为内置的用户模型创建一个序列化器,然后创建一个ViewSet,现在我可以通过api访问用户列表。
from django.contrib.auth.models import User
class UserSerializer(SerializerExtensionsMixin,serializers.ModelSerializer):
class Meta:
model = User
fields = '__all__'
class UserViewSet(SerializerExtensionsAPIViewMixin, viewsets.ModelViewSet):
serializer_class = UserSerializer
queryset = User.objects.all()
router = DefaultRouter()
router.register(r'user', UserViewSet, basename='user')
Using this I am able to access a user with the groups and permissions as shown in the picture below. 使用此功能,我可以访问具有组和权限的用户,如下图所示。 I am now going ahead to call the api url on my React frontend and somehow use the permissions and groups associated with the user to control what the users can see. 我现在要在我的React前端上调用api URL,并以某种方式使用与用户相关联的权限和组来控制用户可以看到的内容。
Is there a better way to achieve this requirement? 是否有更好的方法来满足此要求? Am I doing this the right way? 我这样做正确吗? Has someone done this and may be I can borrow from their experience? 有人这样做过吗,也许我可以借鉴他们的经验吗?
1 个解决方案
解决方案1
0 2019-02-01 12:55:13
DRF provides permission classes, Also if you need some customization you can do so by creating custom permission classes. DRF提供了权限类,如果您需要一些自定义,也可以通过创建自定义权限类来实现。 Refer https://www.django-rest-framework.org/api-guide/permissions/#api-reference . 请参阅https://www.django-rest-framework.org/api-guide/permissions/#api-reference 。
On React side if you are using React router you can guard each route on some roles /permissions received from backend. 在React方面,如果您使用的是React路由器,则可以在从后端收到的某些角色/权限上保护每个路由。 Refer https://hackernoon.com/role-based-authorization-in-react-c70bb7641db4 This might help you 请参阅https://hackernoon.com/role-based-authorization-in-react-c70bb7641db4,这可能会对您有所帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.