37.    Django structure, Security, ...

September, 2020

Contents

01. package, folder, file, module, function

        1. Create a new folder named MyApp.
        2. Inside MyApp, create a subfolder named 'mypackage'.
        3. Create an empty __init__.py file in the mypackage folder.
        4. Under mypackage, create a Python file, myfunctions.py:
            def sum(x, y):
                return x + y

            def average(x, y):
                return (x + y) / 2

            def power(x, y):
                return x ** y
        5. In the terminal, start Python from the MyApp folder:  MyApp > python
        6. >>>  from mypackage.myfunctions import power
        7. >>>  power(3,2)
        8. The interpreter prints:  9
            

02. folder, file, class, as_views()

03. six built-in Django apps

04. Using built-in auth for authentication

05. Using Custom User Model for authentication

06. Mixins for Permissions and authorizations

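        from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
        from django.views.generic.edit import UpdateView

        from .models import Article  # assumed: Article lives in this app's models.py

        # LoginRequiredMixin comes first, so anonymous users are sent to
        # login_url before test_func is evaluated.
        class ArticleUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
            model = Article
            fields = ('title', 'body',)
            template_name = 'article_edit.html'
            login_url = 'login'

            def test_func(self):
                # Only the author of the article may edit it.
                obj = self.get_object()
                return obj.author == self.request.user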
            

07. Setting model data in the code of some view class, not from user input

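    # articles/views.py
    ...
    class ArticleCreateView(CreateView):
        model = Article
        template_name = 'article_new.html'
        # 'author' is deliberately left out of the form fields, so it
        # cannot be supplied in the submitted data.
        fields = ('title', 'body')

        def form_valid(self, form):
            # Set the author on the server from the logged-in user.
            form.instance.author = self.request.user
            return super().form_valid(form)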
            
            

08. BasicAuthentication and Review on REST web service


    --------------------- Review on REST web service--------


    --------------------- BasicAuthentication -------------

    # in settings.py
    REST_FRAMEWORK = {
        'DEFAULT_PERMISSION_CLASSES': [
            ...,
        ],
        # BasicAuthentication sends the username and password with every
        # request, so serve the API over HTTPS only.
        'DEFAULT_AUTHENTICATION_CLASSES': [
            'rest_framework.authentication.SessionAuthentication',
            'rest_framework.authentication.BasicAuthentication'
        ],
    }
            

09. Permissions on REST web service

Continued from 08, BasicAuthentication

        # in settings.py
        REST_FRAMEWORK = {
            'DEFAULT_PERMISSION_CLASSES': [
                'rest_framework.permissions.IsAuthenticated',
            ],
            'DEFAULT_AUTHENTICATION_CLASSES': [
                'rest_framework.authentication.SessionAuthentication',
                'rest_framework.authentication.BasicAuthentication'
            ],
        }

        # posts/permissions.py
        from rest_framework import permissions

        class IsAuthorOrReadOnly(permissions.BasePermission):
            def has_object_permission(self, request, view, obj):
                # Read-only requests (GET, HEAD, OPTIONS) are allowed for any
                # authenticated user; anonymous users are refused.
                if request.method in permissions.SAFE_METHODS:
                    return bool(request.user and request.user.is_authenticated)

                # Write permissions are only allowed to the author of a post
                return obj.author == request.user
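
Added example, not part of the original notes: the access decision of IsAuthorOrReadOnly laid out as a role-by-method table. StubUser, StubRequest, StubPost and decision_matrix are hypothetical stand-ins so it runs without Django or DRF; the read check uses is_authenticated, so a registered account whose username is literally 'AnonymousUser' is still treated as a normal user.

```python
from dataclasses import dataclass

# Same tuple as rest_framework.permissions.SAFE_METHODS
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")
WRITE_METHODS = ("POST", "PUT", "PATCH", "DELETE")

@dataclass(frozen=True)
class StubUser:
    """Hypothetical stand-in for Django's User / AnonymousUser."""
    username: str
    is_authenticated: bool = True

@dataclass(frozen=True)
class StubRequest:
    method: str
    user: StubUser

@dataclass(frozen=True)
class StubPost:
    author: StubUser

def has_object_permission(request, obj):
    """The IsAuthorOrReadOnly decision from section 09."""
    if request.method in SAFE_METHODS:
        return bool(request.user and request.user.is_authenticated)
    return obj.author == request.user

def decision_matrix():
    """Return {(role, method): allowed} for constructed sample users."""
    author = StubUser("alice")
    roles = {
        "anonymous": StubUser("AnonymousUser", is_authenticated=False),
        "other": StubUser("bob"),
        "author": author,
        # Registered account that merely looks anonymous by name.
        "named_anon": StubUser("AnonymousUser"),
    }
    post = StubPost(author=author)
    return {(role, method): has_object_permission(StubRequest(method, user), post)
            for role, user in roles.items()
            for method in SAFE_METHODS + WRITE_METHODS}

if __name__ == "__main__":
    for (role, method), allowed in decision_matrix().items():
        print(f"{role:10} {method:7} {'allow' if allowed else 'deny'}")
```

In DRF, has_object_permission is only evaluated when a view calls get_object(), so list endpoints depend on the view-level IsAuthenticated default from settings.py.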
            

10. TokenAuthentication on REST web service

------ 10.1 initial setup for lab ------

------ 10.2 Adding app rest_framework.authtoken ------

------ 10.3 Installing django-rest-auth and adding ------

------ 10.4 user registration ------