1

CRM

1. 建表

RBAC 模型:

from django.db import models


class Permission(models.Model):
    """
    权限表
    """
    title = models.CharField(verbose_name='标题', max_length=32)
    url = models.CharField(verbose_name='含正则的URL', max_length=128)

    def __str__(self):
        return self.title


class Role(models.Model):
    """
    角色
    """
    title = models.CharField(verbose_name='角色名称', max_length=32)
    permissions = models.ManyToManyField(verbose_name='拥有的所有权限', to='Permission', blank=True)

    def __str__(self):
        return self.title


class UserInfo(models.Model):
    """
    用户表
    """
    name = models.CharField(verbose_name='用户名', max_length=32)
    password = models.CharField(verbose_name='密码', max_length=64)
    email = models.CharField(verbose_name='邮箱', max_length=32)
    roles = models.ManyToManyField(verbose_name='拥有的所有角色', to='Role', blank=True)

    def __str__(self):
        return self.name
View Code

2. 录入数据.

3.登录权限验证. permission_list

逻辑登录

from django.shortcuts import render, redirect,HttpResponse
from rbac import models
from django.conf import settings
def login(request):
    "用户登录"
    if request.method=="GET":
        return render(request,"login.html")
    #1. 获取提交的用户名和密码
    user= request.POST.get("user")
    print(user)
    pwd =request.POST.get("pwd")
    print(pwd)
    #2. 检验用户是否合法.
    obj =models.UserInfo.objects.filter(name =user,password=pwd).first()
    if not obj:
        return render(request,"login.html",{"msg":"用户名或者密码错误."})
    #3. 获取用户信息和权限信息写入session.
    permission_list = obj.roles.filter(permissions__url__isnull =False).values("permissions__url").distinct()

    request.session["user_info"] ={"id":obj.id,"name":obj.name}
    request.session[settings.PERMISSION_SESSION_KEY] =list(permission_list) #queryset对象不能被序列化,需要转换成列表.
    return redirect("/customer/list")
View Code

 

settings配置

###########################权限相关##########################
PERMISSION_SESSION_KEY ="permission_list"

  

3登录权限验证.增加Menu_list显示菜单校验 Menu_list

3.1 在登录页面的左侧加入显示菜单(查看客户与查看账单)

from django.shortcuts import render, redirect,HttpResponse
from rbac import models
from django.conf import settings
def login(request):
    "用户登录"
    if request.method=="GET":
        return render(request,"login.html")
    #1. 获取提交的用户名和密码
    user= request.POST.get("user")
    print(user)
    pwd =request.POST.get("pwd")
    print(pwd)
    #2. 检验用户是否合法.
    obj =models.UserInfo.objects.filter(name =user,password=pwd).first()
    if not obj:
        return render(request,"login.html",{"msg":"用户名或者密码错误."})
    #3. 获取用户信息和权限信息写入session.
    permission_queryset = obj.roles.filter(permissions__url__isnull =False).values("permissions__url",
                                                                               "permissions__icon"
                                                                               "permissions__title"
                                                                               "permissions__is_menu"
                                                                               ).distinct()

    request.session["user_info"] ={"id":obj.id,"name":obj.name}

    menu_list=[]
    permission_list =[]

    for row in permission_queryset:
        permission_list.append({"permissions_url":row["permission__url"]})

        if row["permission_is_menu"]:
            menu_list.append({"title":row["permission__title"],"icon":row["permissions__icon"],"url":row["permission__url"]})

    print(menu_list)
    request.session[settings.PERMISSION_SESSION_KEY] =list(permission_list) #queryset对象不能被序列化,需要转换成列表.
    request.session[settings.PERMISSION_Menu_KEY]=menu_list
    return redirect("/customer/list")
View Code

 3.2.为选中的菜单添加高亮功能.

 

 

 

3.3.权限和登录的初始化.

  将用户和session的信息配置单独放置一个文件中.

   新建一个init_permission文件,然后放置rbac目录下.

 

from django.conf import settings

def init_permission(request,user):

    # 3. 获取用户信息和权限信息写入session.
    permission_queryset = user.roles.filter(permissions__url__isnull=False).values("permissions__url",
                                                                                  "permissions__icon",
                                                                                  "permissions__title",
                                                                                  "permissions__is_menu",
                                                                                  ).distinct()

    request.session["user_info"] = {"id": user.id, "name": user.name}

    menu_list = []
    permission_list = []

    for row in permission_queryset:
        permission_list.append({"permissions_url": row["permissions__url"]})

        if row["permissions__is_menu"]:
            menu_list.append(
                {"title": row["permissions__title"], "icon": row["permissions__icon"], "url": row["permissions__url"]})
            print("menu_list:", menu_list)
    print("permission_list:", permission_list)
    request.session[settings.PERMISSION_SESSION_KEY] = list(permission_list)  # queryset对象不能被序列化,需要转换成列表.
    request.session[settings.PERMISSION_MENU_KEY] = menu_list
View Code

 

 

 4.中间件

 settings里设置

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
     "web.MiddleWare.rbac.RbacMiddleware", #添加中间件.
]

View Code

 

 逻辑

from django.utils.deprecation import MiddlewareMixin
from django.conf import settings
from  django.shortcuts import HttpResponse,redirect,render
import re

class RbacMiddleware(MiddlewareMixin):

    """
    权限控制的中间件
    """
    def process_request(self,request):
        """
        权限控制
        :param request:
        :return:
        """
        #1. 获取当前请求URL
        current_url = request.path_info

        #1.5 白名单处理,
        for reg in settings.VALID_URL:
            if re.match(reg,current_url):
                return None


        #2. 获取当前session中所有的权限.
        permission_list = request.session.get(settings.PERMISSION_SESSION_KEY)
        if not permission_list:
            return redirect("/login")
        #3. 进行权限校验
        print(current_url)
        print(permission_list)
        flag =False
        for item in permission_list:
            reg ="^%s$"%item.get("permissions__url")
            if re.match(reg,current_url):
                flag =True
                break
        if not flag:
            return HttpResponse("无权访问.")
View Code

 

 

5. 二级菜单配置

改造 models

添加Menu类 

 

class Menu(models.Model):
    """
    菜单表
    """
    title =models.CharField(max_length=32)
    icon =models.CharField(max_length=32)

 

更改Permission类

class Permission(models.Model):
    """
    权限表
    """
    title = models.CharField(verbose_name='标题', max_length=32)
    url = models.CharField(verbose_name='含正则的URL', max_length=128)


    menu =models.ForeignKey(verbose_name="菜单",to="Menu",blank= True,null=True)
    def __str__(self):
        return self.title

 

生成二级菜单的数据结构:

 

posted @ 2018-09-22 20:26  萌哥-爱学习  阅读(360)  评论(0编辑  收藏  举报