django rbac权限

Posted veiyg

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了django rbac权限相关的知识,希望对你有一定的参考价值。

> startapp rbac

models.py

技术分享图片
from django.db import models

class User(models.Model):
    name=models.CharField(max_length=32)
    pwd=models.CharField(max_length=32)
    roles=models.ManyToManyField(to="Role")

    def __str__(self): return self.name

class Role(models.Model):
    title=models.CharField(max_length=32)
    permissions=models.ManyToManyField(to="Permission")

    def __str__(self): return self.title

class Permission(models.Model):
    title=models.CharField(max_length=32)
    url=models.CharField(max_length=32)

    def __str__(self):return self.title
View Code

rbacservice包下两个文件

perssions.py

技术分享图片
def initial_session(user, request):
    permissions = user.roles.all().values("permissions__url").distinct()

    permission_list = []

    for item in permissions:
        permission_list.append(item["permissions__url"])
    print(permission_list)

    request.session["permission_list"] = permission_list
View Code

rbac.py

技术分享图片
import re
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse, redirect


class ValidPermission(MiddlewareMixin):

    def process_request(self, request):

        # 当前访问路径
        current_path = request.path_info

        # 检查是否属于白名单
        valid_url_list = ["/login/", "/reg/", "/admin/.*"]

        for valid_url in valid_url_list:
            ret = re.match(valid_url, current_path)
            if ret:
                return None

        # 校验是否登录

        user_id = request.session.get("user_id")

        if not user_id:
            return redirect("/login/")

        # 校验权限
        permission_list = request.session.get("permission_list",
                                              [])  # [‘/users/‘, ‘/users/add‘, ‘/users/delete/(\d+)‘, ‘users/edit/(\d+)‘]

        flag = False
        for permission in permission_list:

            permission = "^%s$" % permission

            ret = re.match(permission, current_path)
            if ret:
                flag = True
                break
        if not flag:
            return HttpResponse("没有访问权限!")

        return None
View Code

> startapp app01

views.py

技术分享图片
from django.shortcuts import render,HttpResponse
from rbac.models import *


def users(request):
    user_list=User.objects.all()

    return render(request,"users.html",locals())


import re
def add_user(request):


    return HttpResponse("add user.....")

def roles(request):

    role_list=Role.objects.all()

    return render(request,"roles.html",locals())
from rbac.service.perssions import *

def login(request):

    if  request.method=="POST":

        user=request.POST.get("user")
        pwd=request.POST.get("pwd")

        user=User.objects.filter(name=user,pwd=pwd).first()
        if user:
            ############################### 在session中注册用户ID######################
            request.session["user_id"]=user.pk

            ###############################在session注册权限列表##############################



            # 查询当前登录用户的所有角色
            # ret=user.roles.all()
            # print(ret)# <QuerySet [<Role: 保洁>, <Role: 销售>]>

            # 查询当前登录用户的所有权限
            initial_session(user,request)


            return HttpResponse("登录成功!")


    return render(request,"login.html")
View Code

工程 urls.py

技术分享图片
from django.conf.urls import url
from django.contrib import admin
from app01 import views
urlpatterns = [
    url(r^admin/, admin.site.urls),
    url(r^users/$, views.users),
    url(r^users/add, views.add_user),
    url(r^roles/, views.roles),
    url(r^login/, views.login),
]
View Code
settings.py
INSTALLED_APPS = [
‘django.contrib.admin‘,
‘django.contrib.auth‘,
‘django.contrib.contenttypes‘,
‘django.contrib.sessions‘,
‘django.contrib.messages‘,
‘django.contrib.staticfiles‘,
‘app01.apps.App01Config‘,
"rbac.apps.RbacConfig"
]
MIDDLEWARE = [
‘django.middleware.security.SecurityMiddleware‘,
‘django.contrib.sessions.middleware.SessionMiddleware‘,
‘django.middleware.common.CommonMiddleware‘,
‘django.middleware.csrf.CsrfViewMiddleware‘,
‘django.contrib.auth.middleware.AuthenticationMiddleware‘,
‘django.contrib.messages.middleware.MessageMiddleware‘,
‘django.middleware.clickjacking.XFrameOptionsMiddleware‘,
"rbac.service.rbac.ValidPermission"
]

 



















以上是关于django rbac权限的主要内容,如果未能解决你的问题,请参考以下文章

django的RBAC认证z;自定义auth_user表;认证组件权限组件源码分析;认证组件;权限组件

Django的Rbac的介绍2

Django框架之RBAC+ContentType

django rbac权限

基于Django实现RBAC权限管理

Django之权限管理