django rbac权限
程序员文章站
2022-05-18 22:32:22
> startapp rbac models.py from django.db import models class User(models.Model): name=models.CharField(max_length=32) pwd=models.CharField(max_length= ......
> startapp rbac
models.py
from django.db import models class user(models.model): name=models.charfield(max_length=32) pwd=models.charfield(max_length=32) roles=models.manytomanyfield(to="role") def __str__(self): return self.name class role(models.model): title=models.charfield(max_length=32) permissions=models.manytomanyfield(to="permission") def __str__(self): return self.title class permission(models.model): title=models.charfield(max_length=32) url=models.charfield(max_length=32) def __str__(self):return self.title
rbac\service包下两个文件
perssions.py
def initial_session(user, request): permissions = user.roles.all().values("permissions__url").distinct() permission_list = [] for item in permissions: permission_list.append(item["permissions__url"]) print(permission_list) request.session["permission_list"] = permission_list
rbac.py
import re from django.utils.deprecation import middlewaremixin from django.shortcuts import httpresponse, redirect class validpermission(middlewaremixin): def process_request(self, request): # 当前访问路径 current_path = request.path_info # 检查是否属于白名单 valid_url_list = ["/login/", "/reg/", "/admin/.*"] for valid_url in valid_url_list: ret = re.match(valid_url, current_path) if ret: return none # 校验是否登录 user_id = request.session.get("user_id") if not user_id: return redirect("/login/") # 校验权限 permission_list = request.session.get("permission_list", []) # ['/users/', '/users/add', '/users/delete/(\\d+)', 'users/edit/(\\d+)'] flag = false for permission in permission_list: permission = "^%s$" % permission ret = re.match(permission, current_path) if ret: flag = true break if not flag: return httpresponse("没有访问权限!") return none
> startapp app01
views.py
from django.shortcuts import render,httpresponse from rbac.models import * def users(request): user_list=user.objects.all() return render(request,"users.html",locals()) import re def add_user(request): return httpresponse("add user.....") def roles(request): role_list=role.objects.all() return render(request,"roles.html",locals()) from rbac.service.perssions import * def login(request): if request.method=="post": user=request.post.get("user") pwd=request.post.get("pwd") user=user.objects.filter(name=user,pwd=pwd).first() if user: ############################### 在session中注册用户id###################### request.session["user_id"]=user.pk ###############################在session注册权限列表############################## # 查询当前登录用户的所有角色 # ret=user.roles.all() # print(ret)# <queryset [<role: 保洁>, <role: 销售>]> # 查询当前登录用户的所有权限 initial_session(user,request) return httpresponse("登录成功!") return render(request,"login.html")
工程 urls.py
from django.conf.urls import url from django.contrib import admin from app01 import views urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^users/$', views.users), url(r'^users/add', views.add_user), url(r'^roles/', views.roles), url(r'^login/', views.login), ]
settings.py
installed_apps = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'app01.apps.app01config',
"rbac.apps.rbacconfig"
]
middleware = [
'django.middleware.security.securitymiddleware',
'django.contrib.sessions.middleware.sessionmiddleware',
'django.middleware.common.commonmiddleware',
'django.middleware.csrf.csrfviewmiddleware',
'django.contrib.auth.middleware.authenticationmiddleware',
'django.contrib.messages.middleware.messagemiddleware',
'django.middleware.clickjacking.xframeoptionsmiddleware',
"rbac.service.rbac.validpermission"
]
上一篇: 爆囧,一家老小笑事不少!