欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

django rbac权限

程序员文章站 2022-05-18 22:32:22
> startapp rbac models.py from django.db import models class User(models.Model): name=models.CharField(max_length=32) pwd=models.CharField(max_length= ......

> startapp rbac

models.py

django rbac权限
from django.db import models

class user(models.model):
    name=models.charfield(max_length=32)
    pwd=models.charfield(max_length=32)
    roles=models.manytomanyfield(to="role")

    def __str__(self): return self.name

class role(models.model):
    title=models.charfield(max_length=32)
    permissions=models.manytomanyfield(to="permission")

    def __str__(self): return self.title

class permission(models.model):
    title=models.charfield(max_length=32)
    url=models.charfield(max_length=32)

    def __str__(self):return self.title
view code

rbac\service包下两个文件

perssions.py

django rbac权限
def initial_session(user, request):
    permissions = user.roles.all().values("permissions__url").distinct()

    permission_list = []

    for item in permissions:
        permission_list.append(item["permissions__url"])
    print(permission_list)

    request.session["permission_list"] = permission_list
view code

rbac.py

django rbac权限
import re
from django.utils.deprecation import middlewaremixin
from django.shortcuts import httpresponse, redirect


class validpermission(middlewaremixin):

    def process_request(self, request):

        # 当前访问路径
        current_path = request.path_info

        # 检查是否属于白名单
        valid_url_list = ["/login/", "/reg/", "/admin/.*"]

        for valid_url in valid_url_list:
            ret = re.match(valid_url, current_path)
            if ret:
                return none

        # 校验是否登录

        user_id = request.session.get("user_id")

        if not user_id:
            return redirect("/login/")

        # 校验权限
        permission_list = request.session.get("permission_list",
                                              [])  # ['/users/', '/users/add', '/users/delete/(\\d+)', 'users/edit/(\\d+)']

        flag = false
        for permission in permission_list:

            permission = "^%s$" % permission

            ret = re.match(permission, current_path)
            if ret:
                flag = true
                break
        if not flag:
            return httpresponse("没有访问权限!")

        return none
view code

> startapp app01

views.py

django rbac权限
from django.shortcuts import render,httpresponse
from rbac.models import *


def users(request):
    user_list=user.objects.all()

    return render(request,"users.html",locals())


import re
def add_user(request):


    return httpresponse("add user.....")

def roles(request):

    role_list=role.objects.all()

    return render(request,"roles.html",locals())
from rbac.service.perssions import *

def login(request):

    if  request.method=="post":

        user=request.post.get("user")
        pwd=request.post.get("pwd")

        user=user.objects.filter(name=user,pwd=pwd).first()
        if user:
            ############################### 在session中注册用户id######################
            request.session["user_id"]=user.pk

            ###############################在session注册权限列表##############################



            # 查询当前登录用户的所有角色
            # ret=user.roles.all()
            # print(ret)# <queryset [<role: 保洁>, <role: 销售>]>

            # 查询当前登录用户的所有权限
            initial_session(user,request)


            return httpresponse("登录成功!")


    return render(request,"login.html")
view code

工程 urls.py

django rbac权限
from django.conf.urls import url
from django.contrib import admin
from app01 import views
urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^users/$', views.users),
    url(r'^users/add', views.add_user),
    url(r'^roles/', views.roles),
    url(r'^login/', views.login),
]
view code
settings.py
installed_apps = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'app01.apps.app01config',
"rbac.apps.rbacconfig"
]
middleware = [
'django.middleware.security.securitymiddleware',
'django.contrib.sessions.middleware.sessionmiddleware',
'django.middleware.common.commonmiddleware',
'django.middleware.csrf.csrfviewmiddleware',
'django.contrib.auth.middleware.authenticationmiddleware',
'django.contrib.messages.middleware.messagemiddleware',
'django.middleware.clickjacking.xframeoptionsmiddleware',
"rbac.service.rbac.validpermission"
]