crm 权限设计

 

 

先在项目中创建 rbac app，并编写它的 models.py：

from django.db import models

class Permission(models.Model):
    """Permission table.

    Each row pairs a URL pattern with a display title. The middleware in this
    project matches the stored ``url`` value against the request path as a
    regular expression, so it is a pattern rather than a literal path.
    """

    url = models.CharField(verbose_name='权限', max_length=32)
    title = models.CharField(verbose_name='标题', max_length=32)

    def __str__(self):
        # The title is the human-readable label for this permission.
        label = self.title
        return label


class Role(models.Model):
    """Role table: a named role and the permissions attached to it."""

    name = models.CharField(verbose_name='角色名称', max_length=32)
    # blank=True lets a role be saved before any permission is attached.
    permissions = models.ManyToManyField(
        to='Permission',
        verbose_name='角色所拥有的权限',
        blank=True,
    )

    def __str__(self):
        # The role name is the human-readable label.
        label = self.name
        return label


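class User(models.Model):
    """User table: account name, credential and the roles the account holds."""

    name = models.CharField('用户名', max_length=32)
    # This column must hold a salted password hash (for example the output of
    # django.contrib.auth.hashers.make_password), not the clear-text password.
    # 32 characters cannot hold such a hash, so the column is widened to 128.
    # NOTE(review): the login view shown with this model compares the submitted
    # password directly against this column; it has to switch to
    # check_password before hashes are stored here.
    pwd = models.CharField('密码', max_length=128)
    # blank=True lets a user be saved before any role is assigned.
    roles = models.ManyToManyField('Role', verbose_name='用户所拥有的角色', blank=True)

    def __str__(self):
        # The account name is the human-readable label.
        return self.name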

 

然后在 web 的 urls.py 中添加路由：

# Django admin site.
url(r'^admin/', admin.site.urls),
# Login form and credential check, handled by auth.login.
url(r'^login/$', auth.login,name='login'),
# Page the login view redirects to on success, handled by auth.index.
url(r'^index/$', auth.index,name='index'),

web app 的 views 中的 auth.py：

from django.shortcuts import render, redirect, HttpResponse, reverse
from rbac import models


def index(request):
    """Render the index page."""
    template_name = 'index.html'
    return render(request, template_name)


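def login(request):
    """Check the submitted credentials and cache the user's permissions in the session.

    Any non-POST request renders the login form. A POST looks the account up
    by the ``user`` and ``pwd`` form fields: on failure the form is rendered
    again, on success the session receives ``permission`` (a list of
    ``permissions__url`` / ``permissions__title`` dicts) and ``is_login``, and
    the browser is redirected to the ``index`` route.
    """
    if request.method != 'POST':
        return render(request, 'login.html')

    # Read the submitted user name and password.
    user = request.POST.get('user')
    pwd = request.POST.get('pwd')

    # NOTE(review): this compares the submitted password with the stored column
    # value directly, so it only works while passwords are stored in clear
    # text. Store hashes (django.contrib.auth.hashers.make_password) and verify
    # them with check_password; the stored data has to be migrated first.
    obj = models.User.objects.filter(name=user, pwd=pwd).first()
    if not obj:
        return render(request, 'login.html')

    # Issue a new session key at the moment the session becomes authenticated,
    # so a session id that existed before login is not carried over
    # (session fixation). The session data itself is kept.
    request.session.cycle_key()

    # Collect the distinct URL patterns and titles granted through the user's
    # roles; roles without any permission are skipped.
    permission_query = obj.roles.filter(permissions__url__isnull=False).values(
        'permissions__url', 'permissions__title').distinct()

    # The QuerySet is turned into a plain list of dicts before it is stored, e.g.
    # [{'permissions__url': '/index/', 'permissions__title': '首页'}].
    # The debugging print of this data was removed: permission data should not
    # be written to stdout on every login.
    request.session['permission'] = list(permission_query)
    request.session['is_login'] = True
    return redirect(reverse('index'))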

在 rbac app 中创建中间件（用于权限过滤）：

middlewares/rbac.py

from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse, redirect, reverse
from django.conf import settings
import re
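class RbacMiddleWare(MiddlewareMixin):
    """Per-request access control based on the session written by the login view.

    Order of checks: white list (no login needed), login state, the
    login-only list (no permission needed), then the permission patterns
    cached in the session.
    """

    def process_request(self, request):
        """Return None to let the request continue, or a response that stops it."""
        # Path of the page being requested, e.g. /index/.
        path = request.path_info

        # White list: reachable without logging in. re.match anchors only the
        # start of the string, so every pattern in settings must carry its own
        # ^...$ anchors if it is meant to match one exact path.
        for pattern in settings.WHITE_LIST:
            if re.match(pattern, path):
                return None

        # Not logged in: send the browser to the login page.
        if not request.session.get('is_login'):
            return redirect(reverse('login'))

        # Login required, but no permission check. The same anchoring rule
        # applies to these patterns.
        for pattern in settings.NO_PERMISSION_LIST:
            if re.match(pattern, path):
                return None

        # A session that is marked as logged in but carries no permission list
        # is treated as having no permissions instead of raising KeyError.
        granted = request.session.get('permission') or []

        for entry in granted:
            try:
                # fullmatch requires the whole path to match the stored pattern.
                # Wrapping the pattern in '^...$' does not: for a pattern that
                # contains a top-level '|', each anchor binds to only one
                # alternative, and '$' also accepts a trailing newline.
                if re.fullmatch(entry['permissions__url'], path):
                    return None
            except re.error:
                # An invalid stored pattern grants nothing.
                continue

        # Nothing matched: deny, and say so in the status code instead of
        # answering 200.
        return HttpResponse('没有访问的权限', status=403)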

其中 re.match 用到的白名单和免认证列表是 settings.py 中定义的变量。注意 re.match 只从字符串开头开始匹配，并不要求匹配到结尾：

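# White list: paths reachable without logging in.
# NOTE(review): everything under /admin/ skips the RBAC middleware and relies
# on the Django admin's own login — confirm that this is intended.
WHITE_LIST = [
    r'^/login/$',
    r'^/reg/$',
    r'^/admin/.*',
]
# Paths that require login but no permission check.
# The middleware tests these with re.match, which anchors only the start of
# the path. An unanchored '/index/' would therefore also match every path
# below /index/ and exempt it from the permission check, so the pattern is
# anchored at both ends.
NO_PERMISSION_LIST = [
    r'^/index/$',
]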

附上 admin.py：

from django.contrib import admin
from rbac import models


# Register your models here.

@admin.register(models.Permission)
class PermissionAdmin(admin.ModelAdmin):
    """Admin options for Permission: list url and title, edit title in the list."""

    list_display = ['url', 'title']
    list_editable = ['title']


# Role and User are registered with the default ModelAdmin.
# NOTE(review): the default form for User includes the pwd field, so whatever
# is stored in that column is shown to and editable by admin users.
for _model in (models.Role, models.User):
    admin.site.register(_model)

 
