四. 访问权限的使用和设计
Posted lovershowtime
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了四. 访问权限的使用和设计相关的知识,希望对你有一定的参考价值。
一.访问权限的使用和设计
model
from django.db import models # Create your models here. class User(models.Model): name=models.CharField(max_length=32) pwd=models.CharField(max_length=32) roles=models.ManyToManyField(to="Role") def __str__(self): return self.name class Meta: verbose_name_plural = "用户表" class Role(models.Model): title=models.CharField(max_length=32) permissions=models.ManyToManyField(to="Permission") def __str__(self): return self.title class Meta: verbose_name_plural = "角色表" class Permission(models.Model): title=models.CharField(max_length=32) url=models.CharField(max_length=32) class Meta: verbose_name_plural = "权限表" def __str__(self):return self.title
URL from django.contrib import admin from django.urls import path from myapp import views urlpatterns= [ path(‘admin/‘, admin.site.urls), path(‘login/‘, views.login), path(‘user/‘, views.users), path(‘role/‘, views.roles), path(‘user/add/‘, views.add_user), ]
viwes from django.shortcuts import render,HttpResponse # Create your views here. from webauth import models def login(request): if request.method == "POST": name=request.POST.get("user") pwd = request.POST.get("pwd") print(name,pwd) user_obj=models.User.objects.filter(name=name,pwd=pwd).first() if user_obj: # 查询登录成的所有用户权限 # 查询当前登录用户的所有角色 ret=user_obj.roles.all() print(ret) # <QuerySet [<Role: ceo>, <Role: 保安部>]> ############################### 在session中注册用户ID###################### bb=request.session["user_id"] = user_obj.pk print(bb,"session存储值") ret1 = user_obj.roles.values("permissions__url") print(ret1,"11111") # < QuerySet[ {‘permissions__url‘: ‘user/add/‘}, {‘permissions__url‘: ‘/user/‘}, {‘permissions__url‘: ‘/role/‘}, {‘permissions__url‘: ‘/user/‘}] > 11111 ret11 = user_obj.roles.all().values("title") print(ret11,"22222") # < QuerySet[{‘title‘: ‘ceo‘}, {‘title‘: ‘保安部‘}] > 22222 ret12= user_obj.roles.values("title") print(ret12,"333333") # < QuerySet[{‘title‘: ‘ceo‘}, {‘title‘: ‘保安部‘}] > 333333 ret3 = user_obj.roles.values("permissions__url").distinct() print(ret3) li_list=[] for items in ret3: li_list.append(items["permissions__url"]) print(li_list,"访问权限_________________________") # [‘/user/add/‘, ‘/user/‘, ‘/role/‘, ‘/user/dels/(\\d+)/‘, ‘/user/edit/(\\d+)/‘] ###############################在session注册权限列表############################## aa=request.session["li_list"] = li_list print(aa,"权限保存在session中哈哈哈") # [‘/user/add/‘, ‘/user/‘, ‘/role/‘, ‘/user/dels/(\\d+)/‘, ‘/user/edit/(\\d+)/‘] return HttpResponse("ok") return render(request,"01login.html") # 用户 def users(request): user_list=models.User.objects.all() return render(request,"users.html",locals()) import re # 添加 def add_user(request): add_list=request.session["li_list"] # 在session中获取权限 在做校验 print(add_list,"#在session中获取权限 在做校验") # [‘/user/add/‘, ‘/user/‘, ‘/role/‘, ‘/user/dels/(\\d+)/‘, ‘/user/edit/(\\d+)/‘] path_info=request.path_info # / user / add / print(path_info) flag=False for add_li in add_list: re_li="^%s$"%add_li ret=re.match(re_li,path_info) if ret: flag=True break if not flag: return HttpResponse("没有访问权限") return HttpResponse("add user.....") # 角色 def roles(request): add_list=request.session["li_list"] # 在session中获取权限 在做校验 print(add_list,"#在session中获取权限 在做校验") # [‘/user/add/‘, ‘/user/‘, ‘/role/‘, ‘/user/dels/(\\d+)/‘, ‘/user/edit/(\\d+)/‘] path_info=request.path_info # / user / add / print(path_info) flag=False for add_li in add_list: re_li="^%s$"%add_li ret=re.match(re_li,path_info) if ret: flag=True break if not flag: return HttpResponse("没有访问权限") role_list=models.Role.objects.all() return render(request,"roles.html",locals())
以上是关于四. 访问权限的使用和设计的主要内容,如果未能解决你的问题,请参考以下文章
Android 逆向Linux 文件权限 ( Linux 权限简介 | 系统权限 | 用户权限 | 匿名用户权限 | 读 | 写 | 执行 | 更改组 | 更改用户 | 粘滞 )(代码片段