权限--中间件
Posted Fugui
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了权限--中间件相关的知识,希望对你有一定的参考价值。
---恢复内容开始---
1,配置文件
USER = ‘permission_url_list‘ """ 设置session别名 """ # ######################### rbac ############################ """ 设置白名单 """ VALID_URL = [ "/login/$", "/admin.*" ]
INSTALLED_APPS = [ ‘django.contrib.admin‘, ‘django.contrib.auth‘, ‘django.contrib.contenttypes‘, ‘django.contrib.sessions‘, ‘django.contrib.messages‘, ‘django.contrib.staticfiles‘, ‘rbac.apps.RbacConfig‘, ‘app01.apps.App01Config‘, ] MIDDLEWARE = [ ‘django.middleware.security.SecurityMiddleware‘, ‘django.contrib.sessions.middleware.SessionMiddleware‘, ‘django.middleware.common.CommonMiddleware‘, ‘django.middleware.csrf.CsrfViewMiddleware‘, ‘django.contrib.auth.middleware.AuthenticationMiddleware‘, ‘django.contrib.messages.middleware.MessageMiddleware‘, ‘django.middleware.clickjacking.XFrameOptionsMiddleware‘, ‘rbac.middlewares.rbac.RbacMiddleware‘ ]
2,创建一个rbac的APP
创建表
from django.db import models class Permission(models.Model): """ 权限表 """ title = models.CharField(verbose_name=‘标题‘,max_length=32) url = models.CharField(verbose_name="含正则URL",max_length=64) is_menu = models.BooleanField(verbose_name="是否是菜单") class Meta: verbose_name_plural = "权限表" def __str__(self): return self.title class User(models.Model): """ 用户表 """ username = models.CharField(verbose_name=‘用户名‘,max_length=32) password = models.CharField(verbose_name=‘密码‘,max_length=64) email = models.CharField(verbose_name=‘邮箱‘,max_length=32) roles = models.ManyToManyField(verbose_name=‘具有的所有角色‘,to="Role",blank=True) class Meta: verbose_name_plural = "用户表" def __str__(self): return self.username class Role(models.Model): """ 角色表 """ title = models.CharField(max_length=32) permissions = models.ManyToManyField(verbose_name=‘具有的所有权限‘,to=‘Permission‘,blank=True) class Meta: verbose_name_plural = "角色表" def __str__(self): return self.title
创建一个middlewares文件夹(登录验证中间件 )
import re from django.shortcuts import redirect,HttpResponse from django.conf import settings class MiddlewareMixin(object): def __init__(self, get_response=None): self.get_response = get_response super(MiddlewareMixin, self).__init__() def __call__(self, request): response = None if hasattr(self, ‘process_request‘): response = self.process_request(request) if not response: response = self.get_response(request) if hasattr(self, ‘process_response‘): response = self.process_response(request, response) return response class RbacMiddleware(MiddlewareMixin): def process_request(self,request): # 1. 获取当前请求的URL # request.path_info # 2. 获取Session中保存当前用户的权限 # request.session.get("permission_url_list‘) current_url=request.path_info print(current_url) for row in settings.VALID_URL: if re.match(row, current_url): return None permission_list=request.session.get(settings.USER) if not permission_list: return redirect("/login/") flag = False for db_url in permission_list: regax="^{0}$".format(db_url) if re.match(regax,current_url): flag = True break if not flag: return HttpResponse("无权访问")
创建service文件夹(初始化权限信息,获取权限信息并放置到session中)
from django.conf import settings def init_permission(user,request): """ 初始化权限信息,获取权限信息并放置到session中。 :param user: :param request: :return: """ permission_list = user.roles.values(‘permissions__title‘, ‘permissions__url‘, ‘permissions__is_menu‘).distinct() url_list = [] for item in permission_list: url_list.append(item[‘permissions__url‘]) request.session[settings.USER] = url_list permission_list=user.roles.values
---恢复内容结束---