Django进阶2

时间:2022-05-29 22:09:32

一、ORM操作进阶

ForeignKey关联

示例models

from django.db import models
# Create your models here.
class User(models.Model):
name = models.CharField(max_length=32) class Host(models.Model):
host_name = models.CharField(max_length=32)
blong_to = models.ForeignKey("User")

ForeignKey创建数据

models.Host.objects.create(host_name="127.0.0.1",blong_to=models.User.objects.get(id=1))

1、搜索条件使用 __ 连接  2、获取值时使用 . 连接

user_list=models.Host.objects.filter(blong_to__name="lisi")    #一对多过滤条件

for item in user_list:
print(item.host_name,item.blong_to.name) #取数据,在前端取数据也类似

ForeignKey修改数据

hosts=models.Host.objects.get(host_name="127.0.0.1")
users=models.User.objects.get(id=2) hosts.blong_to=users
hosts.save()

反向关联查询

user_obj=models.User.objects.get(id=2)
print(user_obj.host_set.select_related())

ManyToManyField关联

示例models

class UserInfo(models.Model):
name = models.CharField(max_length=32)
email = models.CharField(max_length=32)
address = models.CharField(max_length=128) class UserGroup(models.Model):
caption = models.CharField(max_length=64)
user_info = models.ManyToManyField('UserInfo')

ManyToManyField操作(_set是多对多中的固定搭配)

    user_info_obj = models.UserInfo.objects.get(name="zhangsan")
user_info_objs = models.UserInfo.objects.all() group_obj = models.UserGroup.objects.get(caption='CEO')
group_objs = models.UserGroup.objects.all() # 添加数据
#group_obj.user_info.add(user_info_obj)
#group_obj.user_info.add(*user_info_objs)
#
#user_info_obj.usergroup_set.add(group_obj)
#user_info_obj.usergroup_set.add(*group_objs) # 删除数据
#group_obj.user_info.remove(user_info_obj)
#group_obj.user_info.remove(*user_info_objs)
#
#user_info_obj.usergroup_set.remove(group_obj)
#user_info_obj.usergroup_set.remove(*group_objs) # 获取数据
#print group_obj.user_info.all()
#print group_obj.user_info.all().filter(id=1)
#
#print user_info_obj.usergroup_set.all()
#print user_info_obj.usergroup_set.all().filter(caption='CEO')

 F  对同一表内不同的字段进行对比查询

class Entry(models.Model):
n_comments = models.IntegerField()
n_pingbacks = models.IntegerField()
rating = models.IntegerField()
from django.db.models import F
models.Entry.objects.filter(n_comments__gt=F('n_pingbacks'))
models.Entry.objects.filter(n_comments__gt=F('n_pingbacks') * 2)
models.Entry.objects.filter(rating__lt=F('n_comments') + F('n_pingbacks'))

批量自增

models.Entry.objects.all().update(n_pingbacks=F('n_pingbacks') + 1)

 

Q  构建搜索条件

from django.db.models import Q

models.UserInfo.objects.get(
Q(name='zhangsan'),Q(email="12345678@qq.com")) #两个都要满足
models.UserInfo.objects.get(
Q(name='zhangsan') | Q(email="12345678@qq.com")) #只需满足一个
models.UserInfo.objects.get(
Q(name='zhangsan'),Q(email="12345678@qq.com") | Q(address="abcde"))

django 实现分页

实例

#!/usr/bin/env python
# -*- coding:utf-8 -*-
from django.shortcuts import render,HttpResponse
from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
from app01 import models
# Create your views here.
def stu_login(request):
return render(request,"app01/login.html") def stu_home(request):
customer_list=models.Customer.objects.all()
paginator = Paginator(customer_list, 1) #每页显示条数 page = request.GET.get('page')
try:
contacts = paginator.page(page)
except PageNotAnInteger:
# If page is not an integer, deliver first page.
contacts = paginator.page(1)
except EmptyPage:
# If page is out of range (e.g. 9999), deliver last page of results.
contacts = paginator.page(paginator.num_pages) return render(request, "app01/home.html", {"customer_list":contacts})

views

    <div class="pagination">
<nav>
<ul class="pagination">
{% if customer_list.has_previous %}
<li class=""><a href="?page={{ customer_list.previous_page_number }}" aria-label="Previous"><span aria-hidden="true">&laquo;</span></a></li>
{% endif %}
{% for page_num in customer_list.paginator.page_range %}
{% if page_num == customer_list.number %}<!--如果page_num是当前选中的页-->
<li class="active"><a href="?page={{ page_num }}">{{ page_num }} <span class="sr-only">(current)</span></a></li>
{% else %}
<li class=""><a href="?page={{ page_num }}">{{ page_num }} <span class="sr-only">(current)</span></a></li>
{% endif %}
{% endfor %}
{% if customer_list.has_next %}
<li class=""><a href="?page={{ customer_list.next_page_number }}" aria-label="Next"><span aria-hidden="true">&raquo;</span></a></li>
{% endif %}
</ul>
</nav>
</div>

html

优化:固定页码个数

1、自定义template tags

  Django进阶2

#!/usr/bin/env python
# -*- coding:utf-8 -*-
from django import template
from django.utils.safestring import mark_safe register = template.Library() @register.simple_tag
def custemer_paging(current_page,loop_num): #传入选中页和循环页
num_left=current_page-2
num_right=current_page+2
if loop_num>num_left and loop_num<num_right:#只显示3页
if current_page == loop_num:
result='''<li class="active"><a href="?page=%s">%s <span class="sr-only">(current)</span></a></li>'''%(loop_num,loop_num)
else:
result='''<li class=""><a href="?page=%s">%s <span class="sr-only">(current)</span></a></li>'''%(loop_num,loop_num)
return mark_safe(result)
result=""
return mark_safe(result)

custemer_tags.py

在html开头导入

{% load custemer_tags %}

使用自定义simple_tag

    <div class="pagination">
<nav>
<ul class="pagination">
{% if customer_list.has_previous %}
<li class=""><a href="?page={{ customer_list.previous_page_number }}" aria-label="Previous"><span aria-hidden="true">&laquo;</span></a></li>
{% endif %}
{% for page_num in customer_list.paginator.page_range %} {% custemer_paging customer_list.number page_num %}<!--使用custemer_tags--> {% endfor %}
{% if customer_list.has_next %}
<li class=""><a href="?page={{ customer_list.next_page_number }}" aria-label="Next"><span aria-hidden="true">&raquo;</span></a></li>
{% endif %}
</ul>
</nav>
</div>

更多详情:https://docs.djangoproject.com/en/1.9/topics/pagination/

三、在自己写的脚本里调用django models

#!/usr/bin/env python
# -*- coding:utf-8 -*-
import os
os.environ['DJANGO_SETTINGS_MODULE'] = 'django_project.settings'
import django
django.setup() from app01 import models result = models.UserInfo.objects.get(id=1)
print(result)

Django进阶2

四、用户认证

from django.contrib.auth.models import User

class UserProfile(models.Model):
user = models.OneToOneField(User)
name = models.CharField(max_length=32)
from django.contrib.auth import authenticate,login,logout
from django.contrib.auth.decorators import login_required @login_required
def acc_home(request):
return render(request,"index.html") def acc_login(request):
if request.method == "POST":
username = request.POST.get("username")
password = request.POST.get("password")
user = authenticate(username=username,password=password) #验证 if user is not None:
login(request,user) #登录
return redirect("/app01/acc_home/")
else:
return render(request,"login.html") def acc_logout(request):
logout(request) #退出

在前端显示用户名或对应的名字

    <div>
{% if request.user.is_authenticated %} <!--如果已经登录-->
<span>{{ request.user }}</span> <!--用户名-->
<span>{{ request.user.userprofile.name }}</span> <!--用户名在UserProfile表对应的名字-->
{% endif %}
</div>

五、权限管理

django 自带有基本的权限管理 ,但粒度和限制权限的维度都只是针对具体的表

自己写的权限要易扩展、灵活,权限系统的设计对开发者、用户要实现透明,即他们不需要改变自己原有的使用系统或调用接口的方式,权限要能实现非常小的粒度的控制,甚至细致到一个按键某个用户是否能按。

想对一个功能实现权限控制,要做到只需在views方法上加一个装饰器就行了

例:

在表内创建一个class Meta,自己定义几个权限。

class UserProfile(models.Model):
user = models.OneToOneField(User)
name = models.CharField(verbose_name=u"姓名",max_length=32)
def __unicode__(self):
return self.name
class Meta:
permissions = (("view_customer_list",u"查看客户信息"),
("view_customer_info",u"查看客户详细信息"),
("view_customer_updata",u"修改详细信息"),
)

python manage.py makemigrations
python manage.py migrate

关联动作

这里创建一个permissions.py,创建check_permission装饰器

 #!/usr/bin/env python
# -*- coding:utf-8 -*-
from django.core.urlresolvers import resolve
from django.shortcuts import render
perm_dic = {
"view_customer_list":["customer_list","GET",[]],
"view_customer_info":["customer_info","GET",[]],
"view_customer_updata":["customer_info","POST",[]],
} def perm_check(*args,**kwargs):
request = args[0]
url_resovle_obj = resolve(request.path_info)
current_url_namespace = url_resovle_obj.url_name
#app_name = url_resovle_obj.app_name #use this name later
print("url namespace:",current_url_namespace)
matched_flag = False # find matched perm item
matched_perm_key = None
if current_url_namespace is not None:#if didn't set the url namespace, permission doesn't work
print("find perm...")
for perm_key in perm_dic:
perm_val = perm_dic[perm_key]
if len(perm_val) == 3:#otherwise invalid perm data format
url_namespace,request_method,request_args = perm_val
print(url_namespace,current_url_namespace)
if url_namespace == current_url_namespace: #matched the url
if request.method == request_method:#matched request method
if not request_args:#if empty , pass
matched_flag = True
matched_perm_key = perm_key
print('mtched...')
break #no need looking for other perms
else:
for request_arg in request_args: #might has many args
request_method_func = getattr(request,request_method) #get or post mostly
#print("----->>>",request_method_func.get(request_arg))
if request_method_func.get(request_arg) is not None:
matched_flag = True # the arg in set in perm item must be provided in request data
else:
matched_flag = False
print("request arg [%s] not matched" % request_arg)
break #no need go further
if matched_flag == True: # means passed permission check ,no need check others
print("--passed permission check--")
matched_perm_key = perm_key
break else:#permission doesn't work
return True if matched_flag == True:
#pass permission check
perm_str = "app01.%s" %(matched_perm_key)
if request.user.has_perm(perm_str):
print("\033[42;1m--------passed permission check----\033[0m")
return True
else:
print("\033[41;1m ----- no permission ----\033[0m")
print(request.user,perm_str)
return False
else:
print("\033[41;1m ----- no matched permission ----\033[0m") def check_permission(func):
def wrapper(*args,**kwargs):
print("---start check perms",args[0])
if not perm_check(*args,**kwargs):
return render(args[0],'app01/403.html')
return func(*args,**kwargs)
#print("---done check perms")
return wrapper

permissions.py

    url(r'^stu_home/$', views.stu_home,name="customer_list"),
url(r'^stu_detail/(\d+)/$', views.stu_detail,name="customer_info"),

在views导入自己写的装饰器并在相应方法上加一个装饰器

Django进阶2

可以用超级用户通过admin对普通用户进行权限控制

Django进阶2

Django进阶2

六、CSRF(跨站域请求伪造)

CSRF(Cross Site Request Forgery, 跨站域请求伪造)是一种网络的攻击方式,它在 2007 年曾被列为互联网 20 大安全隐患之一

防御策略

  在请求地址中添加 token 并验证

Django 中使用CSRF,在表单下使用{% csrf_token %}

<form action="" method="post">{% csrf_token %}

  

AJAX中CSRF

function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken'); function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});

Django进阶2的更多相关文章

  1. Python之路&comma;Day16 - Django 进阶

    Python之路,Day16 - Django 进阶   本节内容 自定义template tags 中间件 CRSF 权限管理 分页 Django分页 https://docs.djangoproj ...

  2. django进阶补充

    前言: 这篇博客对上篇博客django进阶作下补充. 一.效果图 前端界面较简单(丑),有两个功能: 从数据库中取出书名 eg: 新书A 在form表单输入书名,选择出版社,选择作者(多选),输入完毕 ...

  3. django进阶-3

    先看效果图: 登陆admin后的界面: 查看作者: 当然你也可以定制admin, 使界面更牛逼 数据库表结构: app01/models.py from django.db import models ...

  4. django进阶-4

    前言: 下篇博客写关于bootstrap... 一.如何在脚本测试django from django.db import models class Blog(models.Model): name ...

  5. Django进阶篇【1】

    注:本篇是Django进阶篇章,适合人群:有Django基础,关于Django基础篇,将在下一章节中补充! 首先我们一起了解下Django整个请求生命周期: Django 请求流程,生命周期: 路由部 ...

  6. Django进阶知识

    drf学习之Django进阶点 一.Django migrations原理 1.makemigrattions: 相当于在每个app下的migrations文件夹下生成一个py脚本文件用于创建表或则修 ...

  7. django进阶-查询&lpar;适合GET4以上人群阅读&rpar;

    前言: 下篇博客写关于bootstrap... 一.如何在脚本测试django from django.db import models class Blog(models.Model): name ...

  8. django进阶-modelform&amp&semi;admin action

    先看效果图: 登陆admin后的界面: 查看作者: 当然你也可以定制admin, 使界面更牛逼 数据库表结构: app01/models.py from django.db import models ...

  9. django进阶-小实例

    前言: 这篇博客对上篇博客django进阶作下补充. 一.效果图 前端界面较简单(丑),有两个功能: 从数据库中取出书名 eg: 新书A 在form表单输入书名,选择出版社,选择作者(多选),输入完毕 ...

  10. django进阶-1

    前言: 各位久等了,django进阶篇来了. 一.get与post 接口规范: url不能写动词,只能写名词 django默认只支持两种方式: get, post get是获取数据 ?user=zcl ...

随机推荐

  1. 压缩png质量不改变像素

    private static byte[] CompressionImage(Bitmap bitmap, Stream fileStream, long quality) { using (Syst ...

  2. Java类初始化

    Java类初始化 成员变量的初始化和构造器 如果类的成员变量在定义时没有进行显示的初始化赋值,Java会给每个成员变量一个默认值 对于  char.short.byte.int.long.float. ...

  3. java支持跨平台获取cpuid、主板id、硬盘id、mac地址 (兼容windows、Linux)

    windows: package cn.net.comsys.helper.system.info;   import java.io.BufferedReader; import java.io.F ...

  4. DbUtils常用API的使用 方便以后查阅

    package com.lizhou.Test; import java.sql.SQLException; import java.util.List; import java.util.Map; ...

  5. 各个平台的mysql重启命令

    linux平台及windows平台mysql重启方法 Linux下重启MySQL的正确方法: 1.通过rpm包安装的MySQL service mysqld restart 2.从源码包安装的MySQ ...

  6. UVA10339 Watching Watches

    题目大意:有两个表,每天都会慢一点时间,给出每天慢得秒数,问下一次重合的时刻. 解题思路:时刻重合也就是说整整差了一周,一周是12小时,用12小时的秒数除以两个表的相差那就是需要多少天的时间后重合,知 ...

  7. JSP专题

    JSP起源 ·在很多动态网页中,绝大部分内容都是固定不变的,只有局部内容需要动态产生和改变. ·如果使用Servlet程序来输出只有局部内容需要动态改变的网页,其中所有的静态内容也需要程序员代码产生, ...

  8. 团队作业10——复审与事后分析(Beta版本)

    Deadline: 2017-6-13 22:00PM,以博客发表日期为准 评分基准: 按时交 - 有分,检查的项目内容为后文的两个方面 Beta阶段项目复审(单独一篇博客) 事后诸葛亮分析报告(单独 ...

  9. canvas图形编辑器

    原文地址:http://jeffzhong.space/2017/11/02/drawboard/ 使用canvas进行开发项目,我们离不开各种线段,曲线,图形,但每次都必须用代码一步一步的实现.有没 ...

  10. POJ 1830 开关问题 &lbrack;高斯消元XOR&rsqb;

    和上两题一样 Input 输入第一行有一个数K,表示以下有K组测试数据. 每组测试数据的格式如下: 第一行 一个数N(0 < N < 29) 第二行 N个0或者1的数,表示开始时N个开关状 ...