rbac权限

Posted fwf1944

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了rbac权限相关的知识,希望对你有一定的参考价值。

 

技术图片

models.py

from django.db import models
class User(models.Model): name=models.CharField(max_length=32) pwd=models.CharField(max_length=32) roles=models.ManyToManyField(to="Role")
def __str__(self): return self.name class Role(models.Model): title=models.CharField(max_length=32) permissions=models.ManyToManyField(to="Permission") def __str__(self): return self.title class Permission(models.Model): title=models.CharField(max_length=32) url=models.CharField(max_length=32) action=models.CharField(max_length=32,default="") group=models.ForeignKey("PermissionGroup",default=1) def __str__(self):return self.title class PermissionGroup(models.Model): title = models.CharField(max_length=32) def __str__(self): return self.title

admin.py

from django.contrib import admin

# Register your models here.
from .models import *
class PerConfig(admin.ModelAdmin):
    list_display = ["title","url","group","action"]


admin.site.register(User)
admin.site.register(Role)
admin.site.register(Permission,PerConfig)
admin.site.register(PermissionGroup)

templatetags-->my_tags.py

from django import template

register=template.Library()

from rbac.service.rbac import reg

@register.simple_tag
def valid(link,request):
    from bs4 import BeautifulSoup
    soup=BeautifulSoup(link,"html.parser")
    print(soup.a.get(href))
    path=soup.a.get(href)

    flag=reg(request,path)

    if flag:
        return link
    else:return ""

service-->perssions.py

def initial_session(user,request):
    # 方案1
    #[{},{},{}]
    # permissions = user.roles.all().values("permissions__url").distinct()    #distinct去重
    #
    # permission_list = []
    #
    # #循环字典拿到每个字典对应的字段,只放url
    # for item in permissions:
    #     permission_list.append(item["permissions__url"])
    # print(permission_list)
    #
    # request.session["permission_list"] = permission_list
    # 方案2
    permissions = user.roles.all().values("permissions__url","permissions__group_id","permissions__action").distinct()
    print("permissions",permissions)

    permission_dict={}
    for item in permissions:
        gid=item.get(permissions__group_id)

        if not gid in permission_dict:

            permission_dict[gid]={
                "urls":[item["permissions__url"],],
                "actions":[item["permissions__action"],]
            }
        else:
            permission_dict[gid]["urls"].append(item["permissions__url"])
            permission_dict[gid]["actions"].append(item["permissions__action"])

    print(permission_dict)
    request.session[permission_dict]=permission_dict

service-->rbac.py

import re
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import  HttpResponse,redirect

def reg(request,current_path):
    # 校验权限1(permission_list)
    permission_list = request.session.get("permission_list", [])
    flag = False
    for permission in permission_list:

        permission = "^%s$" % permission

        ret = re.match(permission, current_path)
        if ret:
            flag = True
            break
    return flag


class ValidPermission(MiddlewareMixin):

    def process_request(self,request):
        # 当前访问路径
        current_path = request.path_info

        # 检查是否属于白名单
        valid_url_list=["/login/","/reg/","/admin/.*"]

        for valid_url in valid_url_list:
            ret=re.match(valid_url,current_path)
            if ret:
                return None

        # 校验是否登录

        user_id=request.session.get("user_id")

        if not user_id:
            return redirect("/login/")
        # 校验权限 (permission_list)
        #  permission_list = request.session.get("permission_list",[])  # [‘/users/‘, ‘/users/add‘, ‘/users/delete/(\\\\d+)‘, ‘users/edit/(\\\\d+)‘]
        #
        # flag = False
        # for permission in permission_list:
        #
        #     permission = "^%s$" % permission
        #
        #     ret = re.match(permission, current_path)
        #     if ret:
        #         flag = True
        #         break
        # if not flag:
        #     return HttpResponse("没有访问权限!")
        #
        # return None
        # 校验权限2
        permission_dict=request.session.get("permission_dict")
        for item in permission_dict.values():
              urls=item[urls]
              for reg in urls:
                  reg="^%s$"%reg
                  ret=re.match(reg,current_path)
                  if ret:
                      print("actions",item[actions])
                      request.actions=item[actions]
                      return None

        return HttpResponse("没有访问权限!")

urls.py

urlpatterns = [
    url(r^admin/, admin.site.urls),
    url(r^users/$, views.users),
    url(r^users/add, views.add_user),
    url(r^users/delete/(\\d+), views.del_user),
    url(r^roles/, views.roles),
    url(r^login/, views.login),
]

app01--views.py

from django.shortcuts import render,HttpResponse

# Create your views here.

from rbac.models import *

class Per(object):
    def __init__(self,actions):
        self.actions=actions
    def add(self):
        return "add" in self.actions
    def delete(self):
        return "delete" in self.actions
    def edit(self):
        return "edit" in self.actions
    def list(self):
        return "list" in self.actions

def users(request):
    user_list=User.objects.all()
    # 查询当前登录人得名字
    id = request.session.get("user_id")
    user = User.objects.filter(id=id).first()
    per=Per(request.actions)
    return render(request, "users.html", locals())

import re
def add_user(request):
    return HttpResponse("add user.....")


def del_user(request,id):
    return HttpResponse("del"+id)


def roles(request):
    role_list=Role.objects.all()
    return render(request,"roles.html",locals())


from rbac.service.perssions import *


def login(request):
    if request.method=="POST":
        user=request.POST.get("user")
        pwd=request.POST.get("pwd")
        user=User.objects.filter(name=user,pwd=pwd).first()
        if user:
            ############################### 在session中注册用户ID######################
            request.session["user_id"]=user.pk
            ###############################在session注册权限列表##############################
            # 查询当前登录用户的所有角色
            # ret=user.roles.all()
            # print(ret)# <QuerySet [<Role: 保洁>, <Role: 销售>]>

            # 查询当前登录用户的所有权限
            initial_session(user,request)
            return HttpResponse("登录成功!")


    return render(request,"login.html")

template---users.html

{% extends ‘base.html‘ %}
{% block con %}
    {% load my_tags %}
    {% valid ‘<a href="/users/add/" class="btn btn-primary">添加用户</a>‘ request %}
    <h4>用户列表</h4>

    {% if per.add %}
    <a href="users/add/" class="btn btn-primary">添加用户</a>
    {% endif %}
    <table class="table table-bordered table-striped">
        <thead>
              <tr>
                   <th>序号</th>
                   <th>姓名</th>
                   <th>角色</th>
                   <th>操作</th>
              </tr>
        </thead>
       <tbody>
            {% for user in user_list %}
            <tr>
                 <td>{{ forloop.counter }}</td>
                 <td>{{ user.name }}</td>
                 <td>
                     {% for role in user.roles.all %}
                     {{ role.title }}
                     {% endfor %}

                 </td>
                 <td>
                     {% if per.delete %}
                      <a href="/users/delete/{{ user.pk }}" class="btn btn-danger">删除</a>
                     {% endif %}
                     {% if per.edit %}
                     <a href="" class="btn btn-warning">编辑</a>
                     {% endif %}
                 </td>
            </tr>
            {% endfor %}
       </tbody>
    </table>
{% endblock %}

以上是关于rbac权限的主要内容,如果未能解决你的问题,请参考以下文章

权限想要细化到按钮,怎么做?

Rbac_权限管理

聊一个 GitHub 上开源的 RBAC 权限管理系统,很6!

深度解析RBAC用户-角色-权限设计方案,以及核心逻辑代码的讲解

20181104 tp中的权限(RBAC)

RBAC之web管理权限思路你懂多少?