CRM+RBAC

权限系统的应用

权限系统的应用
    1. 拷贝rbac 到新项目中
    
    2. 注册rbac APP 以及配置信息
    
        PERMISSION_SESSION_KEY = 'permissions'
        MENU_SESSION_KEY = 'menus'
        WHITE_URL_LIST = [
            r'/login/$',
            r'^/logout/$',
            r'^/reg/$',
            r'^/admin/.*',
        ]
    3. 数据库迁移 
        删除原有的迁移文件的记录
        执行命令
        
    4. 在根目录下的urls.py中添加rbac的相关URL
        # 权限的url
        url(r'rbac/', include('rbac.urls',namespace='rbac')),
        
    5. 录入权限信息
        - 角色管理
        - 菜单管理
        - 权限管理
            - 录入原系统的URL
            - 录入rbac的URL
                - 权限批量操作的视图中ignore_namespace_list中去掉rbac
                     # 获取路由系统中所有URL
                     router_dict = get_all_url_dict(ignore_namespace_list=['admin'])
            
    6. 分配权限
        - 用户关联
            from rbac.models import User
            user = models.OneToOneField(User, null=True, blank=True)
            
        - 给用户分角色
        - 给角色分权限
        
    7. 登录应用权限
        - 登录成功后执行init_permission(request, obj) 
        - 修改init_permission
            user   ——》 user.user 
        - 应用权限校验中间件
             'rbac.middlewares.rbac.PermissionMiddleware',
             
             
    8. 应用二级菜单和面包屑导航
        注意模板 layout
            有block  css  js content 
            
        - 二级菜单
                <link rel="stylesheet" href="{% static 'css/menu.css' %}">
                {% load rbac %}
                {% menu request %}
                <script src="{% static 'js/menu.js' %}"></script>
                
        - 面包屑导航
            {% breadcrumb request %}
            
    9. 权限控制到按钮级别
        {% load rbac %}

        {% if request|has_permission:'add_customer' %}
            <a href="{% url 'add_customer' %}?{{ query_params }}" class="btn btn-primary btn-sm">添加</a>
        {% endif %}

中间件初始化

from django.conf import settings
from django.shortcuts import HttpResponse

def init_permission(request, user):
    # 1. 查当前登录用户拥有的权限
    try:
        permission_query = user.user.roles.filter(permissions__url__isnull=False).values(
            'permissions__url',
            'permissions__title',
            'permissions__id',
            'permissions__name',
            'permissions__parent_id',
            'permissions__parent__name',
            'permissions__menu_id',
            'permissions__menu__title',
            'permissions__menu__icon',
            'permissions__menu__weight',
        ).distinct()
    except Exception as e:
        return HttpResponse('请联系管理员:电话:110')
        
    
    # 存放权限信息
    permission_dict = {}
    
    # 存放菜单信息
    
    menu_dict = {}
    
    for item in permission_query:
        permission_dict[item['permissions__name']] = {'url': item['permissions__url'],
                                                      'id': item['permissions__id'],
                                                      'pid': item['permissions__parent_id'],
                                                      'pname': item['permissions__parent__name'],
                                                      'title': item['permissions__title']}
        
        menu_id = item.get('permissions__menu_id')
        
        if not menu_id:
            continue
        
        if menu_id not in menu_dict:
            menu_dict[menu_id] = {
                'title': item['permissions__menu__title'],
                'icon': item['permissions__menu__icon'],
                'weight': item['permissions__menu__weight'],
                'children': [
                    {'title': item['permissions__title'], 'url': item['permissions__url'],
                     'id': item['permissions__id'], 'pid': item['permissions__parent_id']}
                ]
            }
        else:
            menu_dict[menu_id]['children'].append(
                {'title': item['permissions__title'], 'url': item['permissions__url'], 'id': item['permissions__id'],
                 'pid': item['permissions__parent_id']})
    
    # # 2. 将权限信息写入到session
    request.session[settings.PERMISSION_SESSION_KEY] = permission_dict
    
    # 将菜单信息写入到session
    request.session[settings.MENU_SESSION_KEY] = menu_dict
init_permission.py

视图

from django.shortcuts import render, HttpResponse, redirect, reverse
from rbac import models
from rbac.forms import *
from django.db.models import Q
from rbac.server.routes import get_all_url_dict


def role_list(request):
    all_roles = models.Role.objects.all()
    return render(request, 'rbac/role_list.html', {"all_roles": all_roles})


def role(request, edit_id=None):
    obj = models.Role.objects.filter(id=edit_id).first()
    form_obj = RoleForm(instance=obj)
    if request.method == 'POST':
        form_obj = RoleForm(request.POST, instance=obj)
        if form_obj.is_valid():
            form_obj.save()
            return redirect(reverse('rbac:role_list'))
    
    return render(request, 'rbac/form.html', {'form_obj': form_obj})


def del_role(request, del_id):
    models.Role.objects.filter(id=del_id).delete()
    return redirect(reverse('rbac:role_list'))


# 菜单信息  权限信息
def menu_list(request):
    all_menu = models.Menu.objects.all()
    
    mid = request.GET.get('mid')
    
    if mid:
        permission_query = models.Permission.objects.filter(Q(menu_id=mid) | Q(parent__menu_id=mid))
    else:
        permission_query = models.Permission.objects.all()
    
    all_permission = permission_query.values('id', 'url', 'title', 'name', 'menu_id', 'parent_id', 'menu__title')
    
    all_permission_dict = {}
    
    for item in all_permission:
        menu_id = item.get('menu_id')
        if menu_id:
            item['children'] = []
            all_permission_dict[item['id']] = item
    
    for item in all_permission:
        pid = item.get('parent_id')
        
        if pid:
            all_permission_dict[pid]['children'].append(item)
    
    print(all_permission_dict)
    
    return render(request, 'rbac/menu_list.html',
                  {"all_menu": all_menu, 'all_permission_dict': all_permission_dict, 'mid': mid})


def menu(request, edit_id=None):
    obj = models.Menu.objects.filter(id=edit_id).first()
    form_obj = MenuForm(instance=obj)
    if request.method == 'POST':
        form_obj = MenuForm(request.POST, instance=obj)
        if form_obj.is_valid():
            form_obj.save()
            return redirect(reverse('rbac:menu_list'))
    
    return render(request, 'rbac/form.html', {'form_obj': form_obj})


def permission(request, edit_id=None):
    obj = models.Permission.objects.filter(id=edit_id).first()
    form_obj = PermissionForm(instance=obj)
    if request.method == 'POST':
        form_obj = PermissionForm(request.POST, instance=obj)
        if form_obj.is_valid():
            form_obj.save()
            return redirect(reverse('rbac:menu_list'))
    
    return render(request, 'rbac/form.html', {'form_obj': form_obj})


def del_permission(request, del_id):
    models.Permission.objects.filter(id=del_id).delete()
    return redirect(reverse('rbac:menu_list'))


from django.forms import modelformset_factory, formset_factory


def multi_permissions(request):
    """
    批量操作权限
    :param request:
    :return:
    """
    
    post_type = request.GET.get('type')
    
    # 更新和编辑用的
    FormSet = modelformset_factory(models.Permission, MultiPermissionForm, extra=0)
    # 增加用的
    AddFormSet = formset_factory(MultiPermissionForm, extra=0)
    
    permissions = models.Permission.objects.all()
    
    # 获取路由系统中所有URL
    router_dict = get_all_url_dict(ignore_namespace_list=['admin'])
    
    # 数据库中的所有权限的别名
    permissions_name_set = set([i.name for i in permissions])
    
    # 路由系统中的所有权限的别名
    router_name_set = set(router_dict.keys())

    add_name_set = router_name_set - permissions_name_set
    add_formset = AddFormSet(initial=[row for name, row in router_dict.items() if name in add_name_set])
    
    if request.method == 'POST' and post_type == 'add':
        add_formset = AddFormSet(request.POST)
        if add_formset.is_valid():
            print(add_formset.cleaned_data)
            permission_obj_list = [models.Permission(**i) for i in add_formset.cleaned_data]
            
            query_list = models.Permission.objects.bulk_create(permission_obj_list)
            
            for i in query_list:
                permissions_name_set.add(i.name)
            add_formset = AddFormSet()
        else:
            print(add_formset.errors)
            
        
    
    
    
    del_name_set = permissions_name_set - router_name_set
    del_formset = FormSet(queryset=models.Permission.objects.filter(name__in=del_name_set))
    
    update_name_set = permissions_name_set & router_name_set
    update_formset = FormSet(queryset=models.Permission.objects.filter(name__in=update_name_set))
    
    if request.method == 'POST' and post_type == 'update':
        update_formset = FormSet(request.POST)
        if update_formset.is_valid():
            update_formset.save()
            update_formset = FormSet(queryset=models.Permission.objects.filter(name__in=update_name_set))
    
    return render(
        request,
        'rbac/multi_permissions.html',
        {
            'del_formset': del_formset,
            'update_formset': update_formset,
            'add_formset': add_formset,
        }
    )


def distribute_permissions(request):
    """
    分配权限
    :param request:
    :return:
    """
    uid = request.GET.get('uid')
    rid = request.GET.get('rid')
    
    if request.method == 'POST' and request.POST.get('postType') == 'role':
        user = models.User.objects.filter(id=uid).first()
        if not user:
            return HttpResponse('用户不存在')
        user.roles.set(request.POST.getlist('roles'))
    
    if request.method == 'POST' and request.POST.get('postType') == 'permission' and rid:
        role = models.Role.objects.filter(id=rid).first()
        if not role:
            return HttpResponse('角色不存在')
        role.permissions.set(request.POST.getlist('permissions'))
    
    # 所有用户
    user_list = models.User.objects.all()
    
    user_has_roles = models.User.objects.filter(id=uid).values('id', 'roles')
    
    # print(user_has_roles)
    
    user_has_roles_dict = {item['roles']: None for item in user_has_roles}
    
    """
    用户拥有的角色id
    user_has_roles_dict = { 角色id:None }
    """
    
    role_list = models.Role.objects.all()
    
    if rid:
        role_has_permissions = models.Role.objects.filter(id=rid).values('id', 'permissions')
    elif uid and not rid:
        user = models.User.objects.filter(id=uid).first()
        if not user:
            return HttpResponse('用户不存在')
        role_has_permissions = user.roles.values('id', 'permissions')
    else:
        role_has_permissions = []
    
    print(role_has_permissions)
    
    role_has_permissions_dict = {item['permissions']: None for item in role_has_permissions}
    
    """
    角色拥有的权限id
    role_has_permissions_dict = { 权限id:None }
    """
    
    all_menu_list = []
    
    queryset = models.Menu.objects.values('id', 'title')
    menu_dict = {}
    
    """
    
    all_menu_list = [
            {  id:   title :  , children : [
                { 'id', 'title', 'menu_id', 'children: [
                'id', 'title', 'parent_id'
                ]  }
            ] },
            {'id': None, 'title': '其他', 'children': [
            {'id', 'title', 'parent_id'}]}
    ]
    
    menu_dict = {
        菜单的ID: {  id:   title :  , children : [
            { 'id', 'title', 'menu_id', 'children: [
            'id', 'title', 'parent_id'
            ]  }
        ] },
        none:{'id': None, 'title': '其他', 'children': [
        {'id', 'title', 'parent_id'}]}
    }
    """
    
    for item in queryset:
        item['children'] = []  # 放二级菜单,父权限
        menu_dict[item['id']] = item
        all_menu_list.append(item)
    
    other = {'id': None, 'title': '其他', 'children': []}
    all_menu_list.append(other)
    menu_dict[None] = other
    
    root_permission = models.Permission.objects.filter(menu__isnull=False).values('id', 'title', 'menu_id')
    
    root_permission_dict = {}
    
    """
    root_permission_dict = { 父权限的id : { 'id', 'title', 'menu_id', 'children: [
        { 'id', 'title', 'parent_id' }
    ]  }}
    """
    
    for per in root_permission:
        per['children'] = []  # 放子权限
        nid = per['id']
        menu_id = per['menu_id']
        root_permission_dict[nid] = per
        menu_dict[menu_id]['children'].append(per)
    
    node_permission = models.Permission.objects.filter(menu__isnull=True).values('id', 'title', 'parent_id')
    
    for per in node_permission:
        pid = per['parent_id']
        if not pid:
            menu_dict[None]['children'].append(per)
            continue
        root_permission_dict[pid]['children'].append(per)
    
    return render(
        request,
        'rbac/distribute_permissions.html',
        {
            'user_list': user_list,
            'role_list': role_list,
            'user_has_roles_dict': user_has_roles_dict,
            'role_has_permissions_dict': role_has_permissions_dict,
            'all_menu_list': all_menu_list,
            'uid': uid,
            'rid': rid
        }
    )
rbac/view.py

 

posted @ 2020-10-26 19:16  断浪狂刀忆年少  阅读(151)  评论(0编辑  收藏  举报