
crm 权限设计


 

先在项目中创建  app rbac的models.py

from django.db import models

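class Permission(models.Model):
    """
    Permission table: one row per URL pattern that can be granted to a role.
    """
    # The RBAC middleware shown further down this page wraps this value in
    # ^...$ and matches it against request.path_info, so each row is an
    # authorization rule written as a regular expression. Restrict who may
    # edit these rows and keep the patterns as narrow as possible.
    url = models.CharField('权限', max_length=32)
    # Human-readable label; also what __str__ returns.
    title = models.CharField('标题', max_length=32)

    def __str__(self):
        return self.title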


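class Role(models.Model):
    """
    Role table: a named set of permissions.
    """
    name = models.CharField('角色名称', max_length=32)
    # blank=True lets a role be saved with no permissions attached; such a
    # role contributes no URLs when the login view on this page collects a
    # user's permissions.
    permissions = models.ManyToManyField(Permission, verbose_name='角色所拥有的权限', blank=True)

    def __str__(self):
        return self.name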


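class User(models.Model):
    """
    User table: login name, password and the roles the user holds.
    """
    name = models.CharField('用户名', max_length=32)
    # NOTE(review): the login view on this page looks users up with
    # filter(name=..., pwd=...), so this column holds the password in clear
    # text and anyone with database or admin access can read it. Store a
    # salted hash instead (django.contrib.auth.hashers.make_password /
    # check_password); max_length=32 is too short for those hashes, so the
    # column needs widening in the same migration.
    pwd = models.CharField('密码', max_length=32)
    # blank=True: a user may exist without any role.
    roles = models.ManyToManyField(Role, verbose_name='用户所拥有的角色', blank=True)

    def __str__(self):
        return self.name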

 

先在web urls.py中添加路由

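# Route entries (presumably items of the project's urlpatterns list; the
# enclosing list is not shown on this page). The quotes around the regexes
# and route names were lost in the page extraction and are restored here.
url(r'^admin/', admin.site.urls),
url(r'^login/$', auth.login, name='login'),
url(r'^index/$', auth.index, name='index'),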

web  app 中 views auth.py

from django.shortcuts import render, redirect, HttpResponse, reverse
from rbac import models


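def index(request):
    """Render the index page template."""
    return render(request, 'index.html')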


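def login(request):
    """
    Log a user in and cache the URL permissions of their roles in the session.

    Any non-POST request renders the login form. A POST looks the user up by
    the submitted ``user`` and ``pwd`` fields; if no row matches, the form is
    rendered again, otherwise the session is filled and the client is
    redirected to the ``index`` route.
    """
    if request.method == 'POST':
        # Read the submitted user name and password.
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        # NOTE(review): this compares the submitted password with the stored
        # column directly, i.e. passwords are kept in clear text. Fetch the
        # user by name and verify a salted hash instead
        # (django.contrib.auth.hashers.check_password).
        obj = models.User.objects.filter(name=user, pwd=pwd).first()
        if not obj:
            return render(request, 'login.html')
        # Distinct (url, title) pairs over all of the user's roles, e.g.
        # [{'permissions__url': '/index/', 'permissions__title': '首页'}].
        # Roles without any permission are filtered out by the isnull check.
        permission_query = obj.roles.filter(permissions__url__isnull=False).values(
            'permissions__url',
            'permissions__title',
        ).distinct()
        # Issue a fresh session key before marking the session as logged in,
        # so a session id known before authentication is not carried over
        # (session fixation).
        request.session.cycle_key()
        # The permission list is a snapshot taken at login: later changes to
        # roles or permissions only take effect once this session ends.
        request.session['permission'] = list(permission_query)
        request.session['is_login'] = True
        return redirect(reverse('index'))
    return render(request, 'login.html')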

在rbac app中创建过滤器

middlewares/rbac.py

from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse, redirect, reverse
from django.conf import settings
import re
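class RbacMiddleWare(MiddlewareMixin):
    """
    Request middleware that enforces login and per-URL permissions.

    Order of checks: white list (no login needed), login state,
    login-only list (no permission needed), then the permission patterns
    stored in the session by the login view.
    """

    def process_request(self, request):
        """
        Return None to let the request continue, or a response to stop it.

        A redirect to the ``login`` route is returned for anonymous sessions
        and a 403 response when no permission pattern matches the path.
        """
        # Path of the page being requested, e.g. /index/
        url = request.path_info
        # White list: reachable without logging in. re.match only anchors at
        # the start, so every pattern in settings must carry its own ^ and $
        # or it will also let longer paths through.
        for pattern in settings.WHITE_LIST:
            if re.match(pattern, url):
                return
        # Not logged in: send the client to the login page.
        if not request.session.get('is_login'):
            return redirect(reverse('login'))

        # Login required, but no permission check (same anchoring caveat).
        for pattern in settings.NO_PERMISSION_LIST:
            if re.match(pattern, url):
                return
        # Permissions cached at login. A session that is marked logged-in but
        # has no 'permission' key is treated as having no permissions instead
        # of raising KeyError.
        permission_list = request.session.get('permission', [])
        # fullmatch requires the whole path to match the stored pattern; with
        # '^{}$'.format(...) a pattern containing '|' would anchor only its
        # first and last alternative and admit unintended paths.
        for item in permission_list:
            if re.fullmatch(item['permissions__url'], url):
                return
        # Nothing matched: deny, and say so with a 403 status rather than 200
        # so clients, proxies and log monitoring can see the refusal.
        return HttpResponse('没有访问的权限', status=403)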

其中 re.match 使用的正则列表(WHITE_LIST、NO_PERMISSION_LIST)是在 settings.py 中定义的变量

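# White list: paths reachable without logging in. The middleware applies
# re.match, which anchors only at the start, so each pattern states its own
# end. The /admin/ entry hands the whole admin site over to Django admin's
# own authentication.
WHITE_LIST = [
    r'^/login/$',
    r'^/reg/$',
    r'^/admin/.*',
]
# Login-only paths: the user must be logged in, but no permission check is
# made. Anchored at both ends; a bare '/index/' under re.match would also
# exempt every path that merely starts with /index/.
NO_PERMISSION_LIST = [
    r'^/index/$',
]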

附上admin的py

from django.contrib import admin
from rbac import models


# Register your models here.

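class PermissionAdmin(admin.ModelAdmin):
    """Admin change list for Permission: shows url and title, with title editable in the list."""
    # url comes first, so it is the column that links to the change form;
    # Django does not allow that link column to be list_editable.
    list_display = ['url', 'title']
    list_editable = ['title']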
# Permission gets the customised change list; Role and User fall back to the
# default ModelAdmin.
# NOTE(review): with the default ModelAdmin the User form shows every
# editable field, including pwd, which this page stores in clear text.
admin.site.register(models.Permission, PermissionAdmin)
admin.site.register([models.Role, models.User])

 

crm 权限设计

原文:https://www.cnblogs.com/zaizai1573/p/10562383.html
