Permission component
1 Projects and apps
2 What is a permission?
A URL pattern (a regular expression) is one permission.
who / what / how ----------> True or False
UserInfor
    name
    pwd
    permission = models.ManyToManyField(Permission)

    id  name  pwd
    1   egon  123
    2   alex  456
    3   A     111
    4   B     222
    5   C     333
    6   D     444
Permission
    url = ...
    title = ...

    id  url               title
    1   "/users/"         "View users"
    2   "/users/add/"     "Add user"
    3   "/customer/add"   "Add customer"
UserInfor_permission (the join table Django generates for the many-to-many field)
    id
    user_id
    permission_id

    id  user_id  permission_id
    1   1        1
    2   1        2
    3   2        2
    4   3        1
    5   3        2
    6   3        3
    7   4        1
    8   4        2
    9   4        3
    10  5        1
    11  5        2
    12  5        3
    13  6        1
    14  6        2
    15  6        3
    16  7        1
    17  7        2
    18  7        3
(The id column is renumbered sequentially; the source repeated 4/5/6 for every user. user_id 7 has no row in the UserInfor sample above.)
Example: logged-in user egon
Requested URL: http://127.0.0.1:8000/users/

    from django.http import HttpResponse

    from .models import UserInfor


    def users(request):
        user_id = request.session.get("user_id")
        obj = UserInfor.objects.filter(pk=user_id).first()
        # The URL patterns this user may access ("valuelist" in the source is a typo)
        url_list = obj.permission.all().values_list("url", flat=True)
        # Exact comparison; stored regex patterns need re.match, as in the middleware below
        if request.path_info not in url_list:
            return HttpResponse("No permission to access!")
        return HttpResponse("users.....")
# Version 2:
UserInfor
    name
    pwd
    roles

    id  name  pwd
    1   egon  123
    2   alex  456
Role
    title = ...
    permissions = ...

    id  title
    1   Salesperson

UserInfor2Role
    id  user_id  role_id
    1   1        1

Permission
    url = ...
    title = ...

    id  url               title
    1   "/users/"         "View users"
    2   "/users/add/"     "Add user"
    3   "/customer/add"   "Add customer"

Role2Permission
    id  role_id  permission_id
    1   1        1
    2   1        2
    3   1        3
3 RBAC (role-based access control)
About RBAC:
(1) Create the table relations:

    from django.db import models


    class User(models.Model):
        name = models.CharField(max_length=32)
        # NB: this demo stores the password as plain text; a real app must store a hash
        # (e.g. django.contrib.auth.hashers.make_password) and never the raw value
        pwd = models.CharField(max_length=32)
        roles = models.ManyToManyField(to="Role")

        def __str__(self):
            return self.name


    class Role(models.Model):
        title = models.CharField(max_length=32)
        permissions = models.ManyToManyField(to="Permission")

        def __str__(self):
            return self.title


    class Permission(models.Model):
        title = models.CharField(max_length=32)
        url = models.CharField(max_length=32)  # a regex URL pattern

        def __str__(self):
            return self.title
(2) Enter the data through the admin site
(3) Login check:
if login succeeds:
    query the current user's permission list and register it in the session
(4) Permission check (a middleware application)

    import re

    from django.http import HttpResponse
    from django.shortcuts import redirect
    from django.utils.deprecation import MiddlewareMixin


    class ValidPermission(MiddlewareMixin):
        def process_request(self, request):
            # Current request path
            current_path = request.path_info

            # Whitelist check. Each pattern is wrapped in ^...$ like the permission
            # loop below; a bare re.match("/login/", path) is only a prefix match and
            # would also let "/login/anything" through.
            valid_url_list = ["/login/", "/reg/", "/admin/.*"]
            for valid_url in valid_url_list:
                if re.match("^%s$" % valid_url, current_path):
                    return None

            # Login check
            user_id = request.session.get("user_id")
            if not user_id:
                return redirect("/login/")

            # Permission check
            permission_list = request.session.get("permission_list", [])
            # e.g. ['/users/', '/users/add', '/users/delete/(\\d+)', 'users/edit/(\\d+)']
            flag = False
            for permission in permission_list:
                permission = "^%s$" % permission  # anchor: the stored regex must match the whole path
                if re.match(permission, current_path):
                    flag = True
                    break
            if not flag:
                return HttpResponse("No permission to access!")

            return None
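The decision logic of the middleware above, pulled out of Django so it can be run and tested on its own. This is an added example, not code from the original post: the session dict, the whitelist constants and the sample permission list are constructed here. It also shows two things the page's own sample data hides: the unanchored whitelist entry "/login/" is a prefix match, and the pattern 'users/edit/(\\d+)' without a leading slash can never match a real path once it is wrapped in ^...$.

```python
import re

# Constructed sample session value for user "egon" (not a real query result).
# The last entry reproduces the missing leading slash seen in the page's sample list.
SESSION_PERMISSION_LIST = [
    "/users/",
    "/users/add/",
    "/users/delete/(\\d+)",
    "users/edit/(\\d+)",   # no leading slash: never matches "/users/edit/7"
]

# Whitelist exactly as written on the page: unanchored, checked with re.match.
WHITELIST_UNANCHORED = ["/login/", "/reg/", "/admin/.*"]

# Hardened whitelist: every pattern anchored at both ends.
WHITELIST_ANCHORED = ["^/login/$", "^/reg/$", "^/admin/.*$"]


def is_whitelisted(path, patterns):
    """True if `path` matches one whitelist regex with re.match semantics (anchored at the start only)."""
    return any(re.match(pattern, path) for pattern in patterns)


def has_permission(permission_list, path):
    """Mirror the middleware loop: wrap each stored regex in ^...$ and re.match it against the path."""
    for permission in permission_list:
        if re.match("^%s$" % permission, path):
            return True
    return False


def check_request(session, path, whitelist=WHITELIST_ANCHORED):
    """Return the middleware's decision for one request: 'pass', 'login' (redirect) or 'deny'."""
    if is_whitelisted(path, whitelist):
        return "pass"
    if not session.get("user_id"):
        return "login"
    if has_permission(session.get("permission_list", []), path):
        return "pass"
    return "deny"


if __name__ == "__main__":
    egon = {"user_id": 1, "permission_list": SESSION_PERMISSION_LIST}
    for path in ["/login/", "/users/", "/users/delete/7", "/users/edit/7", "/customer/add"]:
        print(path, "->", check_request(egon, path))
    # The unanchored whitelist also admits any path that merely starts with "/login/"
    print("/login/evil/ unanchored:", is_whitelisted("/login/evil/", WHITELIST_UNANCHORED))
    print("/login/evil/ anchored:  ", is_whitelisted("/login/evil/", WHITELIST_ANCHORED))
```

`check_request` evaluates the three checks in the same order as the middleware (whitelist, login, permission), so a whitelisted path is never subject to the permission test; that is why every whitelist entry must describe exactly the paths you intend to expose.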
day83:
Fine-grained permission control
Simple control (in the template; the string must equal the stored pattern exactly):

    {% if "/users/add/" in permission_list %}
Getting rid of hard-coded control
Change the database structure: Permission gains a group_id (which permission group it belongs to) and an action (list / add / delete / edit).
Login check:

    permissions = user.roles.all().values("permissions__url", "permissions__group_id", "permissions__action").distinct()
Build permission_dict
permissions:

    [
        {'permissions__url': '/users/add/',
         'permissions__group_id': 1,
         'permissions__action': 'add'},
        {'permissions__url': '/roles/',
         'permissions__group_id': 2,
         'permissions__action': 'list'},
        {'permissions__url': '/users/delete/(\\d+)',
         'permissions__group_id': 1,
         'permissions__action': 'delete'},
        {'permissions__url': 'users/edit/(\\d+)',
         'permissions__group_id': 1,
         'permissions__action': 'edit'}
    ]

permission_dict:

    {
        1: {
            'urls': ['/users/', '/users/add/', '/users/delete/(\\d+)', 'users/edit/(\\d+)'],
            'actions': ['list', 'add', 'delete', 'edit']},
        2: {
            'urls': ['/roles/'],
            'actions': ['list']}
    }
Middleware permission check (runs after the login check, so the session value is set):

    permission_dict = request.session.get("permission_dict")
    for item in permission_dict.values():
        urls = item['urls']
        for reg in urls:
            reg = "^%s$" % reg
            ret = re.match(reg, current_path)
            if ret:
                print("actions", item['actions'])
                # Hand the matched group's action list to the view and template
                request.actions = item['actions']
                return None
    return HttpResponse("No permission to access!")
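Building permission_dict at login and matching it in the middleware, as an added example that is not code from the original post. The rows are constructed in the shape the page's values(...).distinct() query returns (the leading slash on the edit pattern is corrected here), build_permission_dict is the login-time grouping step the page describes but does not show, match_actions is the middleware loop, and can() is the template-level check behind a "{% if 'add' in request.actions %}"-style button.

```python
import re

# Constructed rows in the shape of
#   user.roles.all().values("permissions__url", "permissions__group_id", "permissions__action").distinct()
# Sample data for this example, not a real query result.
PERMISSION_ROWS = [
    {"permissions__url": "/users/", "permissions__group_id": 1, "permissions__action": "list"},
    {"permissions__url": "/users/add/", "permissions__group_id": 1, "permissions__action": "add"},
    {"permissions__url": "/users/delete/(\\d+)", "permissions__group_id": 1, "permissions__action": "delete"},
    {"permissions__url": "/users/edit/(\\d+)", "permissions__group_id": 1, "permissions__action": "edit"},
    {"permissions__url": "/roles/", "permissions__group_id": 2, "permissions__action": "list"},
]


def build_permission_dict(rows):
    """Login-time step: group URL patterns and action names by permission group id."""
    permission_dict = {}
    for row in rows:
        group = permission_dict.setdefault(
            row["permissions__group_id"], {"urls": [], "actions": []}
        )
        group["urls"].append(row["permissions__url"])
        group["actions"].append(row["permissions__action"])
    return permission_dict


def match_actions(permission_dict, current_path):
    """Middleware step: return the action list of the first group whose anchored URL regex
    matches current_path, or None when no pattern matches (the request is denied)."""
    for item in permission_dict.values():
        for reg in item["urls"]:
            if re.match("^%s$" % reg, current_path):
                return item["actions"]
    return None


def can(actions, action):
    """Template-level check: should the button or link for `action` be rendered?"""
    return actions is not None and action in actions


if __name__ == "__main__":
    permission_dict = build_permission_dict(PERMISSION_ROWS)
    print(permission_dict)
    for path in ["/users/delete/5", "/roles/", "/roles/add/"]:
        actions = match_actions(permission_dict, path)
        print(path, "->", actions, "| can delete:", can(actions, "delete"))
```

When the dict is stored in the session, Django's JSON session serializer turns the integer group ids into strings; the middleware only iterates .values(), so this does not affect matching, but code that looks up a group by id must account for it. Note also that a match grants the whole group's action list to the view, not only the action of the pattern that matched.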
To think about:
displaying menus according to permissions
Original: https://www.cnblogs.com/Mikusa/p/10874884.html