权限--中间件

---恢复内容开始---

1,配置文件

USER = 'permission_url_list'
"""
设置session别名
"""
# ######################### rbac ############################
"""
设置白名单
"""
VALID_URL = [
    "/login/$",
    "/admin.*"
]
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rbac.apps.RbacConfig',
    'app01.apps.App01Config',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'rbac.middlewares.rbac.RbacMiddleware'
]

2,创建一个rbac的APP

创建表

from django.db import models

class Permission(models.Model):
    """
    权限表
    """
    title = models.CharField(verbose_name='标题',max_length=32)
    url = models.CharField(verbose_name="含正则URL",max_length=64)
    is_menu = models.BooleanField(verbose_name="是否是菜单")

    class Meta:
        verbose_name_plural = "权限表"

    def __str__(self):
        return self.title

class User(models.Model):
    """
    用户表
    """
    username = models.CharField(verbose_name='用户名',max_length=32)
    password = models.CharField(verbose_name='密码',max_length=64)
    email = models.CharField(verbose_name='邮箱',max_length=32)

    roles = models.ManyToManyField(verbose_name='具有的所有角色',to="Role",blank=True)
    class Meta:
        verbose_name_plural = "用户表"

    def __str__(self):
        return self.username

class Role(models.Model):
    """
    角色表
    """
    title = models.CharField(max_length=32)
    permissions = models.ManyToManyField(verbose_name='具有的所有权限',to='Permission',blank=True)
    class Meta:
        verbose_name_plural = "角色表"

    def __str__(self):
        return self.title
models

创建一个middlewares文件夹(登录验证中间件 )

import re

from django.shortcuts import redirect,HttpResponse
from django.conf import settings

class MiddlewareMixin(object):
    def __init__(self, get_response=None):
        self.get_response = get_response
        super(MiddlewareMixin, self).__init__()

    def __call__(self, request):
        response = None
        if hasattr(self, 'process_request'):
            response = self.process_request(request)
        if not response:
            response = self.get_response(request)
        if hasattr(self, 'process_response'):
            response = self.process_response(request, response)
        return response


class RbacMiddleware(MiddlewareMixin):

    def process_request(self,request):
        # 1. 获取当前请求的URL
        # request.path_info
        # 2. 获取Session中保存当前用户的权限
        # request.session.get("permission_url_list')

        current_url=request.path_info
        print(current_url)
        for row in settings.VALID_URL:
            if re.match(row, current_url):
                return None

        permission_list=request.session.get(settings.USER)
        if not permission_list:
            return redirect("/login/")
        flag = False
        for db_url in permission_list:
            regax="^{0}$".format(db_url)
            if re.match(regax,current_url):
                flag = True
                break
            if not flag:
                return HttpResponse("无权访问")
rbac.py

创建service文件夹(初始化权限信息,获取权限信息并放置到session中)

from django.conf import settings
def init_permission(user,request):
    """
    初始化权限信息,获取权限信息并放置到session中。
    :param user:
    :param request:
    :return:
    """
    permission_list = user.roles.values('permissions__title', 'permissions__url', 'permissions__is_menu').distinct()
    url_list = []
    for item in permission_list:
        url_list.append(item['permissions__url'])
    request.session[settings.USER] = url_list
    permission_list=user.roles.values
init_permission.py

 

 

 

 

 

 

 

 

---恢复内容结束---

posted @ 2017-11-07 16:26  Fugui  阅读(329)  评论(0编辑  收藏  举报