權限組件之rbac
阿新 • • 發佈:2018-08-12
class object res nbsp 權限 turn con color lis
rbac:基於角色的權限訪問控制(Role-Based Access Control)。
def login(request): if request.method=="GET": return render(request,"login.html") else: user=request.POST.get("user") pwd=request.POST.get("pwd") user=UserInfo.objects.filter(name=user,pwd=pwd).first()if user: # 驗證成功之後做什麽? request.session["user_id"]=user.pk # 拿到session # 當前登錄用戶的所有權限, distinct()是去掉重復的權限 permission_info=user.roles.all().values("permissions__url","permissions__title").distinct() temp=[] # url列表for i in permission_info: temp.append(i["permissions__url"]) request.session["permission_list"]=temp # {"user_id":1,"permission_list":[‘/users/‘,‘/orders/‘]} return HttpResponse("登錄成功!") else: return redirect("/login/")
權限組件之rbac