zaizai1573

 

 

先在项目中创建 rbac app，并编写其 models.py

from django.db import models

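class Permission(models.Model):
    """A single permission: a URL pattern plus a human-readable title.

    The RBAC middleware on this page matches ``url`` against the request
    path as a regular expression, so anyone who can edit this table
    decides which paths a role may reach.
    """
    # Regex matched against request.path_info by the middleware.
    # NOTE(review): 32 characters is tight for longer route patterns.
    url = models.CharField('权限', max_length=32)
    title = models.CharField('标题', max_length=32)

    def __str__(self):
        return self.title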


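class Role(models.Model):
    """A named role that groups permissions.

    Users never hold permissions directly; they receive them through the
    roles they are assigned.
    """
    name = models.CharField('角色名称', max_length=32)
    # blank=True lets a role exist with no permissions; such a role grants nothing.
    permissions = models.ManyToManyField('Permission', verbose_name='角色所拥有的权限', blank=True)

    def __str__(self):
        return self.name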


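class User(models.Model):
    """An application account that receives permissions through its roles.

    NOTE(security): the login view on this page passes the submitted
    password straight into the ``pwd`` filter, which only works when the
    column holds the plaintext password. Store a salted hash instead;
    ``set_password`` and ``check_password`` below wrap Django's hashers
    for that purpose, and ``pwd`` is 128 characters wide so a hash fits
    (widening an existing column needs a migration).
    """
    # NOTE(review): not declared unique, so two accounts may share a name and
    # a lookup by name alone would be ambiguous.
    name = models.CharField('用户名', max_length=32)
    pwd = models.CharField('密码', max_length=128)
    roles = models.ManyToManyField('Role', verbose_name='用户所拥有的角色', blank=True)

    def set_password(self, raw_password):
        """Replace ``pwd`` with a salted hash of ``raw_password`` (not saved)."""
        from django.contrib.auth.hashers import make_password

        self.pwd = make_password(raw_password)

    def check_password(self, raw_password):
        """Return True when ``raw_password`` matches the hash stored in ``pwd``.

        A legacy plaintext value in ``pwd`` is not a recognised hash and
        never matches.
        """
        from django.contrib.auth.hashers import check_password

        return check_password(raw_password, self.pwd)

    def __str__(self):
        return self.name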

 

先在web urls.py中添加路由

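# The Django admin keeps its own authentication; the RBAC middleware's
# WHITE_LIST lets every /admin/ path through without an RBAC check.
url(r'^admin/', admin.site.urls),
# Login form and handler; allow-listed, so reachable without a session.
url(r'^login/$', auth.login, name='login'),
# Landing page after login; needs a logged-in session but no specific permission.
url(r'^index/$', auth.index, name='index'),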

web  app 中 views auth.py

from django.shortcuts import render, redirect, HttpResponse, reverse
from rbac import models


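def index(request):
    """Render the landing page that the login view redirects to."""
    return render(request, 'index.html')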


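def login(request):
    """Authenticate a user and cache their permissions in the session.

    GET renders the login form. POST looks up the account, and on success
    stores the user's permission URLs and a login flag in the session
    before redirecting to ``index``. Any failure re-renders the form.
    """
    if request.method != 'POST':
        return render(request, 'login.html')

    user = request.POST.get('user')
    pwd = request.POST.get('pwd')
    # Reject missing or empty credentials before touching the database.
    if not user or not pwd:
        return render(request, 'login.html')

    # NOTE(security): this filter compares the submitted password with the
    # stored column value, which only works for plaintext passwords. Prefer
    # looking the account up by name and verifying a salted hash with
    # django.contrib.auth.hashers.check_password.
    obj = models.User.objects.filter(name=user, pwd=pwd).first()
    if not obj:
        return render(request, 'login.html')

    permission_query = obj.roles.filter(
        permissions__url__isnull=False,
    ).values('permissions__url', 'permissions__title').distinct()

    # Issue a fresh session key on login so a key that was known before
    # authentication cannot be reused afterwards (session fixation).
    request.session.cycle_key()
    # The permissions are a snapshot taken at login: revoking a role does not
    # take effect for this user until the session ends.
    request.session['permission'] = list(permission_query)
    request.session['is_login'] = True
    return redirect(reverse('index'))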

在rbac app中创建中间件（过滤器）

middlewares/rbac.py

from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse, redirect, reverse
from django.conf import settings
import re
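class RbacMiddleWare(MiddlewareMixin):
    """Gate every request on login state and per-URL permissions.

    Order of checks: allow-listed paths pass untouched, anonymous requests
    are redirected to the login page, login-only paths pass, and every
    other path must match one of the permission patterns cached in the
    session at login.
    """

    def process_request(self, request):
        """Return None to let the request through, or a response that blocks it."""
        url = request.path_info

        # Allow-list: no login needed. re.match anchors only at the start, so
        # each pattern in settings must carry its own trailing `$` unless a
        # prefix match is intended.
        if any(re.match(pattern, url) for pattern in settings.WHITE_LIST):
            return None

        # Anonymous requests go to the login page.
        if not request.session.get('is_login'):
            return redirect(reverse('login'))

        # Logged-in users may reach these paths without a specific permission.
        if any(re.match(pattern, url) for pattern in settings.NO_PERMISSION_LIST):
            return None

        # A session with the login flag but no cached permissions is treated
        # as having none, instead of raising KeyError.
        permission_list = request.session.get('permission', [])

        # fullmatch requires the whole path to match the stored pattern; wrapping
        # the pattern in '^...$' would anchor only the outer alternatives of a
        # pattern containing `|`, and `$` also matches before a trailing newline.
        for item in permission_list:
            if re.fullmatch(item['permissions__url'], url):
                return None

        # No pattern matched: deny with 403 so clients and logs see a refusal
        # rather than a successful page.
        return HttpResponse('没有访问的权限', status=403)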

其中 re.match 使用的匹配规则引用自 settings.py 中的变量。注意 re.match 只锚定开头，规则若不以 $ 结尾就会按前缀匹配，例如 '/index/' 也会匹配 /index/ 之后带有其他内容的路径。

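# Allow-list: paths that skip the RBAC middleware entirely (no login needed).
# The middleware checks these with re.match, which anchors only at the start,
# so every entry carries its own trailing `$` unless a prefix match is intended.
WHITE_LIST = [
    r'^/login/$',
    r'^/reg/$',
    # Deliberate prefix match: everything under /admin/ bypasses this
    # middleware and relies on the Django admin's own login and permissions.
    r'^/admin/.*',
]
# Login-only paths: a session is required, the per-URL permission check is not.
NO_PERMISSION_LIST = [
    # Anchored at both ends; an unanchored '/index/' would also exempt every
    # path that merely starts with /index/ from the permission check.
    r'^/index/$',
]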

附上admin的py

from django.contrib import admin
from rbac import models


# Register your models here.

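class PermissionAdmin(admin.ModelAdmin):
    """Admin change list for permissions with the title editable in place."""
    # `url` is the first column and so stays the link to the change form;
    # only `title` is editable directly in the list.
    list_display = ['url', 'title']
    list_editable = ['title']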
# Permission gets the customised list view.
admin.site.register(models.Permission, PermissionAdmin)
# Role and User use the default ModelAdmin.
# NOTE(review): the default form exposes every editable field, so the User
# form shows and edits the `pwd` column as stored; restrict who can reach it.
admin.site.register([models.Role, models.User])

 
