
10.11 rbac權限


2018-10-11 12:25:11

現在寫代碼時候,不要好多代碼放在一塊!註重解耦!!!!!

把權限放到中間件裏面,每次訪問的時候都用到!

自己的網站弄完了,博客網站已經正式上線,就是有點醜! www.sizhanan.cn/index

越努力越幸運!永遠不要高估自己!

先貼上筆記!

權限組件

   1 項目與應用
   
   
   2 什麽是權限?
    
     一個包含正則表達式url就是一個權限
    
   
     who   what    how   ---------->True  or  False
     
     UserInfor
     
         name       
         pwd
         permission
=models.manytomany(Permission) name pwd egon 123 alex 456 A 111 B 222 C 333 D 444 Permission url=..... title=.... id url title
1 "/users/" "查看用戶" 2 "/users/add/" "添加用戶" 3 "/customer/add" "添加客戶" UserInfor_permission id user_id permission_id id user_id permission_id 1 1 1 2 1 2 3 2 2 4 3 1 5 3 2 6 3 3 4 4 1 5 4 2 6 4 3 4 5 1 5 5 2 6 5 3 4 6 1 5 6 2 6 6 3 4 7 1 5 7 2 6 7 3 示例:登錄人:egon 訪問url:http:
//127.0.0.1:8000/users/ def users(request): user_id=request.session.get("user_id") obj=UserInfor.objects.filter(pk=user_id).first() obj.permission.all().valuelist("url") return HttpResponse("users.....") # 版本2: UserInfor name pwd roles name pwd egon 123 alex 456 alex 456 alex 456 alex 456 alex 456 alex 456 alex 456 alex 456 Role title=....... permissions=...... id title 1 銷售員 UserInfor2Role id user_id role_id 1 1 1 Permission url=..... title=.... id url title 1 "/users/" "查看用戶" 2 "/users/add/" "添加用戶" 3 "/customer/add" "添加客戶" Role2Permission id role_id permission_id 1 1 1 2 1 2 3 1 3 3 rbac(role-based access control) 關於rbac: (1) 創建表關系: class User(models.Model): name=models.CharField(max_length=32) pwd=models.CharField(max_length=32) roles=models.ManyToManyField(to="Role") def __str__(self): return self.name class Role(models.Model): title=models.CharField(max_length=32) permissions=models.ManyToManyField(to="Permission") def __str__(self): return self.title class Permission(models.Model): title=models.CharField(max_length=32) url=models.CharField(max_length=32) def __str__(self):return self.title (2) 基於admin錄入數據 (3) 登錄校驗: if 登錄成功: 查詢當前登錄用戶的權限列表註冊到session中 (4) 校驗權限(中間件的應用) class ValidPermission(MiddlewareMixin): def process_request(self,request): # 當前訪問路徑 current_path = request.path_info # 檢查是否屬於白名單 valid_url_list=["/login/","/reg/","/admin/.*"] for valid_url in valid_url_list: ret=re.match(valid_url,current_path) if ret: return None # 校驗是否登錄 user_id=request.session.get("user_id") if not user_id: return redirect("/login/") # 校驗權限 permission_list = request.session.get("permission_list",[]) # [‘/users/‘, ‘/users/add‘, ‘/users/delete/(\\d+)‘, ‘users/edit/(\\d+)‘] flag = False for permission in permission_list: permission = "^%s$" % permission ret = re.match(permission, current_path) if ret: flag = True break if not flag: return HttpResponse("沒有訪問權限!") return None

rbac/service/perssions.py

# by luffycity.com


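def initial_session(user, request):
    """Store the URL patterns the user's roles grant in the session.

    Collects the distinct ``permissions__url`` values reachable through
    ``user.roles`` and saves them as a plain list under
    ``request.session["permission_list"]``.

    The list is a snapshot taken when this function runs: later changes to
    the user's roles or to a role's permissions are not reflected until it is
    called again for that session.

    Args:
        user: object exposing a ``roles`` related manager.
        request: request whose ``session`` mapping receives the list.
    """
    rows = user.roles.all().values("permissions__url").distinct()

    # A role with no permissions yields a row whose URL is None; such rows
    # grant nothing, so they are kept out of the list of regex patterns.
    permission_list = [
        row["permissions__url"]
        for row in rows
        if row["permissions__url"] is not None
    ]

    # The granted URL list is deliberately not printed: it is authorization
    # data and does not belong on stdout or in server logs.
    request.session["permission_list"] = permission_list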

rbac/service/rbac.py 把這個文件在 settings 的中間件(MIDDLEWARE)裏面註冊一下;因為它要讀取 request.session,必須排在 SessionMiddleware 之後。

MIDDLEWARE = [ ........... "rbac.service.rbac.ValidPermission" ]

# by luffycity.com
import re
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import  HttpResponse,redirect

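class ValidPermission(MiddlewareMixin):
    """Gate every request on the permission list stored in the session.

    The check runs in three steps: whitelist, login, permission. Both the
    whitelist entries and the stored permissions are regular expressions that
    must match the *entire* request path.
    """

    def process_request(self, request):
        """Return ``None`` to let the request through, or a response to stop it.

        Returns:
            ``None`` when the path is whitelisted or matches one of the
            session's permission patterns; a redirect to ``/login/`` when the
            session holds no ``user_id``; otherwise a 403 response.
        """
        current_path = request.path_info

        # Whitelisted paths skip both the login and the permission check.
        # re.fullmatch is used so "/login/" means exactly that path; with
        # re.match it was a prefix test and any path starting with "/login/"
        # or "/reg/" bypassed the check. Entries that should cover a subtree
        # say so explicitly, as "/admin/.*" does.
        # NOTE(review): everything under /admin/ is exempt from this
        # middleware and relies on whatever protection those views enforce
        # themselves.
        valid_url_list = ["/login/", "/reg/", "/admin/.*"]
        for valid_url in valid_url_list:
            if re.fullmatch(valid_url, current_path):
                return None

        # Login check: an anonymous session is sent to the login page.
        user_id = request.session.get("user_id")
        if not user_id:
            return redirect("/login/")

        # Permission check against the patterns stored at login, e.g.
        # ['/users/', '/users/add', '/users/delete/(\\d+)', 'users/edit/(\\d+)']
        permission_list = request.session.get("permission_list", [])

        for permission in permission_list:
            # Skip non-string entries (a role without permissions can put
            # None in the list); they grant nothing.
            if not isinstance(permission, str):
                continue
            # fullmatch anchors the whole pattern: unlike "^%s$" it does not
            # accept a trailing newline, and an alternation such as "a|b"
            # cannot escape the anchors.
            if re.fullmatch(permission, current_path):
                return None

        # Deny by default, with a status code that says so.
        return HttpResponse("沒有訪問權限!", status=403)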

app01/views.py

from django.shortcuts import render,HttpResponse

# Create your views here.



from rbac.models import *


def users(request):
    """Render ``users.html`` with every ``User`` row."""
    user_list = User.objects.all()
    # Template context: the request and the queryset, spelled out by name.
    context = {"request": request, "user_list": user_list}
    return render(request, "users.html", context)


import re
def add_user(request):
    """Placeholder view: answer with a fixed plain-text body."""
    body = "add user....."
    return HttpResponse(body)

def roles(request):
    """Render ``roles.html`` with every ``Role`` row."""
    role_list = Role.objects.all()
    # Template context: the request and the queryset, spelled out by name.
    context = {"request": request, "role_list": role_list}
    return render(request, "roles.html", context)
from rbac.service.perssions import *

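def login(request):
    """Check the posted credentials and seed the session on success.

    On POST, looks up a ``User`` whose ``name`` and ``pwd`` equal the
    submitted ``user`` and ``pwd`` form fields. On a match the session key is
    rotated, the user's primary key is stored under ``user_id``, and
    ``initial_session`` stores the user's permission list in the session.

    Any other request (a GET, or a POST that matches no user) renders
    ``login.html``.
    """
    if request.method == "POST":
        username = request.POST.get("user")
        password = request.POST.get("pwd")

        # NOTE(review): the lookup compares the submitted password directly
        # with the stored ``pwd`` column, so passwords are kept in plaintext.
        # Storing a salted hash and verifying against it needs a model and
        # data change outside this view.
        user = User.objects.filter(name=username, pwd=password).first()
        if user:
            # Rotate the session key before marking the session as
            # authenticated, so a key issued before login is not carried into
            # the logged-in session (session fixation).
            request.session.cycle_key()

            # Register the user id in the session.
            request.session["user_id"] = user.pk

            # Register the permission list of the logged-in user.
            initial_session(user, request)

            return HttpResponse("登錄成功!")

    return render(request, "login.html")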

2018-10-11 12:30:25

權限系統還是很簡單的!
