Django之权限用法

**记住每一个url都是一个权限**

注册

可插拔试的权限,可以先写其他的逻辑,在最后再把权限加上

将rbac组件拷贝到项目上,注册项目

 

修改表结构

将写好的用户表对rbac的User表进行一对一的关系建立,修改完成后做数据库迁移:

记住null等于true..后面再添加用户

 

将权限组件放在中间件上

MIDDLEWARE = [
    # 'django.middleware.security.SecurityMiddleware',
    # 'django.contrib.sessions.middleware.SessionMiddleware',
    # 'django.middleware.common.CommonMiddleware',
    # 'django.middleware.csrf.CsrfViewMiddleware',
    # 'django.contrib.auth.middleware.AuthenticationMiddleware',
    # 'django.contrib.messages.middleware.MessageMiddleware',
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'rbac.service.rbac.ValidPermission',
]
View Code

 

写登录的视图函数:

切记1.将user_id写入session中

  2.登录成功之后需要注册权限

        if user:
            request.session['user_id']=user.id

            initial_session(user,request)

 

 在所展示的页面上的html里添加菜单:

{% load my_tags %}
        <div class="menu">
             {% get_menu request %}
        </div>
        <div class="content">

 

将权限的数据录入到数据库中

 

 

注册权限的代码逻辑:

def initial_session(user,request):
    '''注册权限和菜单权限'''
    permissions = user.roles.all().values("permissions__url","permissions__group_id","permissions__action").distinct()
    permission_dict={}
    for item in permissions:
        gid=item.get('permissions__group_id')

        if not gid in permission_dict:

            permission_dict[gid]={
                "urls":[item["permissions__url"],],
                "actions":[item["permissions__action"],]
            }
        else:
            permission_dict[gid]["urls"].append(item["permissions__url"])
            permission_dict[gid]["actions"].append(item["permissions__action"])

    request.session['permission_dict']=permission_dict


    # 注册菜单权限
    permissions = user.roles.all().values("permissions__url","permissions__action","permissions__title").distinct()

    menu_permission_list=[]
    for item in permissions:
        if item["permissions__action"]=="list":
            menu_permission_list.append((item["permissions__url"],item["permissions__title"]))

    request.session["menu_permission_list"]=menu_permission_list
View Code

 

 

权限中间件:

from django.shortcuts import  HttpResponse,redirect
class ValidPermission(MiddlewareMixin):

    def process_request(self,request):
        # 当前访问路径
        current_path = request.path_info

        # 检查是否属于白名单
        valid_url_list=["/login/","/reg/","/admin/.*"]

        for valid_url in valid_url_list:
            ret=re.match(valid_url,current_path)
            if ret:
                return None
        # 校验是否登录
        user_id=request.session.get("user_id")
        if not user_id:
            return redirect("/login/")

        permission_dict=request.session.get("permission_dict")

        for item in permission_dict.values():
            urls=item['urls']
            for reg in urls:
                reg="^%s$"%reg
                ret=re.match(reg,current_path)
                if ret:
                    request.actions=item['actions']
                    return None

        return HttpResponse("没有访问权限!")
View Code
request.actions=item['actions'] 可以在相应的视图中,进行判断是否要显示增加或者删除按钮等操作

 

posted @ 2018-07-18 23:44  R00M  阅读(639)  评论(0编辑  收藏  举报