CRM系统-----学员管理系统---开发通用权限管理组件

开发通用权限管理组件

 

 

通用的权限管理可以使用管理url的方式进行权限限制

per_dic = {
    "crm.can_access_my_course":{
        "url_type": 0 ,            # 0 = related  1 = absolute
        "url": "stu_my_classes",   #url name
        "method": "GET",
        "args": [ ]
    },
    "crm.can_access_studyrecord":{
        "url_type": 0 ,
        "url": "studyrecords",
        "method": "GET",
        "args": [ ]
    },
    "crm.can_access_homework_detail": {
        "url_type": 0,
        "url": "homework_detail",
        "method": "GET",
        "args": []
    },
}
crm/permissions/permission_list
 1 from crm.permissions import permission_list
 2 from django.shortcuts import redirect,render,HttpResponse
 3 from django.urls import resolve
 4 
 5 
 6 
 7 def perm_check(*args,**kwargs):
 8     request = args[0]
 9     if request.user.is_authenticated:  #检测是否登录
10         for k,v in permission_list.per_dic.items():
11             print("1",k,v)
12             url_matched = False  #标识符
13             if v["url_type"] == 1: #首先判断url的类型是相对路径还是绝对路径,1=绝对  0=相对
14                 if v["url"] == request.path:  #绝对路径匹配上
15                     url_matched = True
16             else:
17                 resolve_url_obj = resolve(request.path)
18                 # print("resolve",resolve_url_obj)
19                 if resolve_url_obj.url_name == v["url"]:#相对路径匹配上
20                     url_matched = True
21 
22             if url_matched:
23                 print("2")
24                 if v["method"] == request.method:#匹配请求的方式
25                     args_matched = True
26                     for request_args in v["args"]:
27                         request_method_func = getattr(request,v["method"])
28                         # print("11111",request_method_func)
29                         if not request_method_func(request_args):
30                             args_matched = False
31 
32                     if args_matched: #这里代表这个请求和这个权限定义的规则匹配上了
33                         print("3")
34                         if request.user.has_perm(k): #代表有权限
35                             # print(request.user.has_perm(k))
36                             return True
37 
38 
39 
40     else:
41         return redirect("/account/login/")
42 
43 
44 
45 def check_permission(func):  # 制作一个装饰器
46 
47     def inner(*args,**kwargs):
48         # print("permissions",*args,**kwargs)
49         # print("func",func)
50         if perm_check(*args,**kwargs) is True:  #运行函数
51             return func(*args,**kwargs)
52         else:
53             return HttpResponse("没有权限")
54     return inner
crm/permission
 1 class UserProfile(AbstractBaseUser,PermissionsMixin):
 2     ............
 3 
 4 
 5     class Meta:
 6         permissions = (
 7             ("can_access_my_course","可以访问我的课程"),
 8             ("can_access_studyrecord","可以访问我的学习记录"),
 9             ("can_access_homework_detail","可以访问上交作业"),
10         )
models

制作成装饰器,然后在视图中添加装饰器就OK

 

 

 

 

 

 

 

 

 

############################

posted @ 2018-08-31 09:44  Garrett0220  阅读(147)  评论(0编辑  收藏  举报
levels of contents