• rbac权限管理


    一 权限管理 初始版

    结构

    1.创建rbac应用

    2.在models中创建对象

    models

    复制代码
    from django.db import models
    
    class Permission(models.Model):
        """
        权限表
        """
        title = models.CharField(verbose_name='标题',max_length=32)
        url = models.CharField(verbose_name="含正则URL",max_length=64)
        is_menu = models.BooleanField(verbose_name="是否是菜单")
    
        class Meta:
            verbose_name_plural = "权限表"
    
        def __str__(self):
            return self.title
    
    class User(models.Model):
        """
        用户表
        """
        username = models.CharField(verbose_name='用户名',max_length=32)
        password = models.CharField(verbose_name='密码',max_length=64)
        email = models.CharField(verbose_name='邮箱',max_length=32)
    
        roles = models.ManyToManyField(verbose_name='具有的所有角色',to="Role",blank=True)
    
        class Meta:
            verbose_name_plural = "用户表"
    
        def __str__(self):
            return self.username
    
    class Role(models.Model):
        """
        角色表
        """
        title = models.CharField(max_length=32)
        permissions = models.ManyToManyField(verbose_name='具有的所有权限',to='Permission',blank=True)
        class Meta:
            verbose_name_plural = "角色表"
    
        def __str__(self):
            return self.title
    复制代码

    3.基于Django admin录入权限数据

    注意;需要在admin.py 中作如下操作(只针对从用admin导入数据时配置,当然也可以从数据库中直接添加)

    复制代码
    from django.contrib import admin
    
    from . import models
    
    
    admin.site.register(models.Permission)
    admin.site.register(models.User)
    admin.site.register(models.Role)
    复制代码

    4.用户登录程序

    根据输入的用户名和密码得到相应的user,
    根据user对象获取其拥有的角色和具有的权限并去重并且将权限表中的url放入seesion中,将这部分操作的代码抽取到service包下的init_permission.py
    下的init_permission(request,user)方法中,然后在views中调用该方法即可,
    - 获取当前用户具有的所有权限(去重)
    - 获取权限中的url,放置到session中

    复制代码
    def init_permission(user,request):
        """
        初始化权限信息,获取权限信息并放置到session中。
        :param user:
        :param request:
        :return:
        """
        permission_list = user.roles.values('permissions__title', 'permissions__url', 'permissions__is_menu').distinct()
        url_list = []
        for item in permission_list:
            url_list.append(item['permissions__url'])
        print(url_list)
        request.session['permission_url_list'] = url_list
    复制代码

    5.编写中间件

    复制代码
    import re
    
    from django.shortcuts import redirect,HttpResponse
    from django.conf import settings
    
    class MiddlewareMixin(object):
        def __init__(self, get_response=None):
            self.get_response = get_response
            super(MiddlewareMixin, self).__init__()
    
        def __call__(self, request):
            response = None
            if hasattr(self, 'process_request'):
                response = self.process_request(request)
            if not response:
                response = self.get_response(request)
            if hasattr(self, 'process_response'):
                response = self.process_response(request, response)
            return response
    
    
    class RbacMiddleware(MiddlewareMixin):
    
        def process_request(self,request):
            # 1. 获取当前请求的URL
            # request.path_info
            # 2. 获取Session中保存当前用户的权限
            # request.session.get("permission_url_list')
            current_url = request.path_info
    
            # 当前请求不需要执行权限验证(白名单)
            for url in settings.VALID_URL:
                if re.match(url,current_url):
                    return None
    
            permission_list = request.session.get("permission_url_list")
            if not permission_list:
                return redirect('/login/')
    
            flag = False
            for db_url in permission_list:
                regax = "^{0}$".format(db_url)
                if re.match(regax, current_url):
                    flag = True
                    break
    
            if not flag:
                return HttpResponse('无权访问')
    复制代码

    a,获取当前访问的路径 request.path_info
    b,在setting中配置不需要验证的url--白名单(人人登录后就可以访问的如login admin.*)然后调用

    VALID_URL = [
        "/login/",
        "/admin.*"
    ]

    根据正则判断当前路径是否在白名单中,白名单中的路径要严格的控制以什么开头和以什么结尾,如果是白名单return None 继续执行后面的代码
    如果不是直接跳转到登录
    c,不是白名单的话,则判断是否已经登录,最简单的方法就是获取当前session 看是里面的url列表是否为空,如果为空的话说明没有登录,直接
    调转到登陆,不让他执行后续操作
    d,url list不为空的话就说明已经登陆了,进一步看当前的访问路径是否在是否在urllist中,在的话就说明用户具有操作该url的权限否则就说明该用户没有
    访问权限,直接return HttpResponse("无权访问")
    注意:中间件创建完成之后。需要在settings中的MIDDLEWARE最后添加'rbac.middlewares.rbac.RbacMiddleware',

    复制代码
    MIDDLEWARE = [
        'django.middleware.security.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
        'rbac.middlewares.rbac.RbacMiddleware',
    ]
    复制代码

    示例一权限管理 加强

    对于权限管理,不单单的只是控制能不能访问某个路径,而且还需要根据用户的权限,当用户访问某个页面时,在页面上展示什么,比如某些用户
    虽然能访问首页,但是他没有添加用户的权限,这时就不能将添加按钮展现在首页,而对于具有添加用户权限的用户则需要将添加用户的按钮展示
    在首页上

    在访问列表页面时,是否需要判断:有无添加权限,有无删除权限,有无编辑权限;

    1.在rbac下的models中添加Group类,在权限表中添加code字段和外键group

    复制代码
    class Group(models.Model):
        """
        权限组
        """
        caption = models.CharField(verbose_name='组名称',max_length=16)
        
    class Permission(models.Model):
        """
        权限表
        """
        title = models.CharField(verbose_name='标题',max_length=32)
        url = models.CharField(verbose_name="含正则URL",max_length=64)
        is_menu = models.BooleanField(verbose_name="是否是菜单")
        code = models.CharField(verbose_name="代码",max_length=16)
        group = models.ForeignKey(verbose_name='所属组',to="Group")
    
        class Meta:
            verbose_name_plural = "权限表"
    
        def __str__(self):
            return self.title
    复制代码


    2.在rbac/service/init_permission.py/init_permission类中进行修改

    结构化数据模型

    复制代码
    data = {
                1: {
                    'codes': ['list','add','edit','del'],
                    'urls':[
                        /userinfo/,
                        /userinfo/add/,
                        /userinfo/edit/(d+)/,
                        /userinfo/del/(d+)/,
                    ]
                },
                2: {
                    'codes': ['list','add','edit','del'],
                    'urls':[
                        /userinfo/,
                        /userinfo/add/,
                        /userinfo/edit/(d+)/,
                        /userinfo/del/(d+)/,
                    ]
                },
                
            }
    复制代码
    复制代码
    permission_list = user.roles.values('permissions__title',
                                            "permissions__code",
                                            'permissions__url',
                                            'permissions__is_menu',
                                            "permissions__group__id",
                                            ).distinct()
    
    
    
    result={}
    for item in permission_list:
        groupid=item["permissions__group__id"]
        code=item["permissions__code"]
        url=item["permissions__url"]
    
        if groupid in result:
            result[groupid]["codes"].append(code)
            result[groupid]["urls"].append(url)
        else:
            result[groupid]={
                "codes":[code,],
                "urls":[url,]
            }
    
    
    print(result)
    
    
    request.session[settings.PERMISSIONS_URL_DICT_KEY] = result
    复制代码

    3.对中间件进行修改

    import re
    
    from django.shortcuts import redirect,HttpResponse
    from django.conf import settings
    
    class MiddlewareMixin(object):
        def __init__(self, get_response=None):
            self.get_response = get_response
            super(MiddlewareMixin, self).__init__()
    
        def __call__(self, request):
            response = None
            if hasattr(self, 'process_request'):
                response = self.process_request(request)
            if not response:
                response = self.get_response(request)
            if hasattr(self, 'process_response'):
                response = self.process_response(request, response)
            return response
    
    
    class RbacMiddleware(MiddlewareMixin):
    
        def process_request(self,request):
            # 1. 获取当前请求的URL
            # request.path_info
            # 2. 获取Session中保存当前用户的权限
            # request.session.get("permission_url_list')
            current_url = request.path_info
    
            # 当前请求不需要执行权限验证
            for url in settings.VALID_URL:
                if re.match(url,current_url):
                    return None
    
            permission_dict = request.session.get(settings.PERMISSION_URL_DICT_KEY)
            if not permission_dict:
                return redirect('/login/')
    
            flag = False
            for group_id,code_url in permission_dict.items():
    
                for db_url in code_url['urls']:
                    regax = "^{0}$".format(db_url)
                    if re.match(regax, current_url):
                        request.permission_code_list = code_url['codes']
                        flag = True
                        break
                if flag:
                    break
    
            if not flag:
                return HttpResponse('无权访问')
    rbac.py

    4.对views进行操作,是否页面上显示功能按钮:

    方法1:在模块中进行判断

    {% if "add/edit/del" in request.permission_code_list %}
      <a href="">添加/编辑/删除</a>
    {% endif%}

    方法二:
    在views中利用面向对象

    复制代码
    class BasePagePermission(object):
        def __init__(self,code_list):
            self.code_list = code_list
    
        def has_add(self):
            if "add" in self.code_list:
                return True
    
        def has_edit(self):
            if 'edit' in self.code_list:
                return True
        def has_del(self):
            if 'del' in self.code_list:
                return True
    
    def userinfo(request):
        page_permission = BasePagePermission(request.permission_code_list)
        data_list = [
            {'id':1,'name':'xxx1'},
            {'id':2,'name':'xxx2'},
            {'id':3,'name':'xxx3'},
            {'id':4,'name':'xxx4'},
            {'id':5,'name':'xxx5'},
        ]
    
        return render(request,'userinfo.html',{'data_list':data_list,'page_permission':page_permission})
    复制代码

    5.模块中进行判断

    {%   if pagepermission.has_add %}
    <p><a href="">添加</a></p>
    {% endif %}

    示例二 菜单展示

    1.在models中添加Menu对象(表)以及和Group建立起一对多的对应关系

    from django.db import models
    
    class Menu(models.Model):
        """
        菜单组
        """
        title = models.CharField(max_length=32)
    
    
    class Group(models.Model):
        """
        权限组
        """
        caption = models.CharField(verbose_name='组名称',max_length=16)
        menu = models.ForeignKey(verbose_name='所属菜单',to='Menu')
    
    
    class Permission(models.Model):
        """
        权限表
        """
        title = models.CharField(verbose_name='标题',max_length=32)
        url = models.CharField(verbose_name="含正则URL",max_length=64)
        is_menu = models.BooleanField(verbose_name="是否是菜单")
        code = models.CharField(verbose_name="代码",max_length=16)
        group = models.ForeignKey(verbose_name='所属组',to="Group")
    
        class Meta:
            verbose_name_plural = "权限表"
    
        def __str__(self):
            return self.title
    
    class User(models.Model):
        """
        用户表
        """
        username = models.CharField(verbose_name='用户名',max_length=32)
        password = models.CharField(verbose_name='密码',max_length=64)
        email = models.CharField(verbose_name='邮箱',max_length=32)
    
        roles = models.ManyToManyField(verbose_name='具有的所有角色',to="Role",blank=True)
    
        class Meta:
            verbose_name_plural = "用户表"
    
        def __str__(self):
            return self.username
    
    class Role(models.Model):
        """
        角色表
        """
        title = models.CharField(max_length=32)
        permissions = models.ManyToManyField(verbose_name='具有的所有权限',to='Permission',blank=True)
        class Meta:
            verbose_name_plural = "角色表"
    
        def __str__(self):
            return self.title
    models

    2.- 初始化: 获取菜单信息+权限信息

    复制代码
    from django.conf import settings
    
    
    def init_permission(user,request):
        """
        初始化权限信息,获取权限信息并放置到session中。
        :param user:
        :param request:
        :return:
        """
        permission_list = user.roles.values('permissions__title',              # 用户列表
                                            'permissions__url',
                                            'permissions__code',
                                            'permissions__is_menu',            # 是否是菜单
                                            'permissions__group_id',
                                            'permissions__group__menu_id',     # 菜单ID
                                            'permissions__group__menu__title',#  菜单名称
                                            ).distinct()
    
        menu_list = []
        # 去掉不是菜单的URL
        for item in permission_list:
            if not item['permissions__is_menu']:
                continue
            tpl = {
                    'menu_id':item['permissions__group__menu_id'],
                    'menu_title':item['permissions__group__menu__title'],
                    'title':item['permissions__title'],
                    'url':item['permissions__url'],
                    'active':False,
            }
            menu_list.append(tpl)
    
        request.session[settings.PERMISSION_MENU_KEY] = menu_list
    
    
        # 权限相关
        result = {}
        for item in  permission_list:
            group_id = item['permissions__group_id']
            code = item['permissions__code']
            url = item['permissions__url']
            if group_id in result:
                result[group_id]['codes'].append(code)
                result[group_id]['urls'].append(url)
            else:
                result[group_id] = {
                    'codes':[code,],
                    'urls':[url,]
                }
    
        request.session[settings.PERMISSION_URL_DICT_KEY] = result
    复制代码

    结构化数据 示例;

    复制代码
    mport re
    menu_list = [
        {'menu_id':1, 'menu_title':'菜单一','title':'用户列表','url':'/userinfo/','active':False},
        {'menu_id':1, 'menu_title':'菜单一','title':'订单列表','url':'/order/','active':False},
        {'menu_id':2, 'menu_title':'菜单二','title':'xxx列表','url':'/xxx/','active':False},
        {'menu_id':2, 'menu_title':'菜单二','title':'iii列表','url':'/uuu/','active':False},
    ]
    
    current_url = "/userinfo/"
    
    res={}
    
    for tem in menu_list:
        mid=tem["menu_id"]
        mtitle=tem["menu_title"]
        title=tem["title"]
        url=tem["url"]
        active=False
        if re.match(url,current_url):
            active=True
        if mid in res:
            res[mid]["children"].append({"title":title,"url":url,"active":active})
            if active:
                res[mid]["active"]=True
        else:
    
            res[mid]={
                "menu_id":mid,
                "menu_title":mtitle,
                "active":active,
                "children":[
                    {"title":title,"url":url,"active":True},
    
                ]
            }
    
    print(res)
    复制代码

    结果:

    复制代码
    aa={
        1:
            {
                'menu_id': 1,
                'menu_title': '菜单一',
                'active': True,
                'children': [{'title': '用户列表', 'url': '/userinfo/', 'active': True},
                             {'title': '订单列表', 'url': '/order/', 'active': True}]
            },
        2:
            {
            'menu_id': 2,
            'menu_title': '菜单二',
            'active': True,
            'children': [{'title': 'xxx列表', 'url': '/xxx/', 'active': True},
                         {'title': 'iii列表', 'url': '/uuu/', 'active': True}]
           }
    }
    复制代码

    3.显示多级菜单

    模块中操作
    其中菜单部分由自定义标签生产
    具体展示页面则用模块继承:如userinfo

    a. base.html

    复制代码
    {% load rbac %}
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Title</title>
        <link rel="stylesheet" href="/static/rbac/rbac.css">
    </head>
    <body>
    <div style="float: left; 20%;height: 900px;background-color: darkgrey">
      {% menu_html request %}
    </div>
    <div style="float: left; 80%">
       {% block content %}
        {% endblock %}
    </div>
    </body>
    <script src="/static/jquery-3.2.1.min.js"></script>
    <script src="/static/rbac/rbac.js"></script>
    </html>
    复制代码

    b. userinfo.html

    复制代码
    {%  extends "base.html" %}
    {% block content %}
    {%   if pagepermission.has_add %}
    <p><a href="">添加</a></p>
    {% endif %}
    <table>
        <thead>
        <th>id</th>
        <th>name</th>
        <th>操作</th>
        </thead>
    
        <tbody>
        {% for foo in data_list %}
          <tr>
          <td>{{ foo.id }}</td>
          <td>{{ foo.name }}</td>
          <td>
            {% if pagepermission.has_edit %}
                <a href="#">编辑</a>
            {% endif %}
    
          {% if pagepermission.has_del %}
              <a href="#">删除</a>
          {% endif %}
          </td>
          </tr>
        {% endfor %}
    
    {% endblock %}
    复制代码

    c.建立自定义标签

    rbac/templatetags/rabc.py

    import re
    from django.template import Library
    from django.conf import settings
    register = Library()
    
    @register.inclusion_tag("menuList.html")
    def menu_html(request):
        menu_list = request.session[settings.PERMISSION_MENU_KEY]
        current_url = request.path_info
        result = {}
        for item in menu_list:
            url = item['url']
            regex = "^{0}$".format(url)
            active = False
            if re.match(regex,current_url):
                active = True
    
            menu_id = item['menu_id']
            if menu_id in result:
                result[menu_id]['children'].append({'title': item['title'], 'url': item['url'], 'active': active})
                if active:
                    result[menu_id]['active'] = True
            else:
                result[menu_id] = {
                    'menu_id': menu_id,
                    'menu_title': item['menu_title'],
                    'active': active,
                    'children': [
                        {'title': item['title'], 'url': item['url'], 'active': active},
                    ]
                }
    
        return {'menu_dict':result}
    rbac.py

    d. menuList.html

    复制代码
    {% for k,item in menu_dict.items %}
     <div class="item">
           <div class="item_title">{{ item.menu_title }}</div>
           {% if item.active %}
            <div class="item_permissions">
               {% else %}
               <div class="item_permissions hide">
           {% endif %}
              {% for v in item.children %}
               {% if v.active %}
                   <a href="#" class="active">{{ v.title }}</a>
                   {% else %}
                   <a href="#">{{ v.title }}</a>
               {% endif %}
              {% endfor %}
           </div>
       </div>
    {% endfor %}
    复制代码

    e.相关css和js

    在rbac建立static/rbac目录在其中创建rabc.css和rabc.js

    .item_permissions{
        padding: 3px 10px;
    }
    
    .item_permissions a{
        display: block;
    }
    
    .item_permissions a.active{
        color: red;
    }
    
    .hide{
        display: none;
    }
    rbac.css
    $(function () {
        $(".item_title").click(function () {
            $(this).next().toggleClass("hide")
        });
    })
    rbac.js

    四.菜单展示改进

    因为当我们对用户部分进行增删改时,用户列表也应该事展开的,但是我们上面所写的当我们点击增加删除编辑按钮时,用户菜单会闭合而不是展开的
    对此我们进行了改进

    1..在权限表中增加字段menu_gp,并删除is_menu字段

    from django.db import models
    
    class Menu(models.Model):
        '''
        菜单表
        '''
        title=models.CharField(max_length=32,verbose_name="菜单名称")
    
    class Group(models.Model):
        '''
        权限组
        '''
        caption=models.CharField(max_length=32,verbose_name="组名称")
        menu=models.ForeignKey(verbose_name="所属菜单",to="Menu",default=1)
    
    class Permission(models.Model):
        """
        权限表
        """
        title = models.CharField(verbose_name='标题',max_length=32)
        url = models.CharField(verbose_name="含正则URL",max_length=64)
        # is_menu = models.BooleanField(verbose_name="是否是菜单")
        menu_gp=models.ForeignKey(verbose_name="组内菜单",to="Permission",null=True,blank=True)
        code=models.CharField(max_length=32,verbose_name="代码",default="list")
        group=models.ForeignKey(verbose_name="s所在权限组",to="Group",default=1)
    
    
        class Meta:
            verbose_name_plural = "权限表"
    
        def __str__(self):
            return self.title
    
    class User(models.Model):
        """
        用户表
        """
        username = models.CharField(verbose_name='用户名',max_length=32)
        password = models.CharField(verbose_name='密码',max_length=64)
        email = models.CharField(verbose_name='邮箱',max_length=32)
    
        roles = models.ManyToManyField(verbose_name='具有的所有角色',to="Role",blank=True)
    
        class Meta:
            verbose_name_plural = "用户表"
    
        def __str__(self):
            return self.username
    
    class Role(models.Model):
        """
        角色表
        """
        title = models.CharField(max_length=32)
        permissions = models.ManyToManyField(verbose_name='具有的所有权限',to='Permission',blank=True)
        class Meta:
            verbose_name_plural = "角色表"
    
        def __str__(self):
            return self.title
    moedels.py

    2.修改初始化中菜单

    复制代码
    from django.conf import settings
    def init_permission(user,request):
        """
        初始化权限信息,获取权限信息并放置到session中。
        :param user:
        :param request:
        :return:
        """
        permission_list = user.roles.values('permissions__title',
                                            "permissions__code",
                                            "permissions__id",
                                            'permissions__url',
                                            'permissions__menu_gp_id',
                                            "permissions__group__id",
                                            "permissions__group__menu_id",
                                            "permissions__group__menu__title",
                                            ).distinct()
    
    
    
        menu_list=[]
        for item in permission_list:
            tpl={
                "id":item["permissions__id"],
                "title":item["permissions__title"],
                "menu_title":item["permissions__group__menu__title"],
                "url":item["permissions__url"],
                "menu_id":item["permissions__group__menu_id"],
                "menu_gp_id":item["permissions__menu_gp_id"],
            }
            menu_list.append(tpl)
    
        request.session[settings.PERMISSIONS_MENU_KEY]=menu_list
    
    
    
        # menu_list=[]
        # for item in permission_list:
        #     if not item["permissions__is_menu"]:
        #         continue
        #
        #     tpl={
        #         "menu_id":item["permissions__group__menu_id"],
        #         "menu_title":item["permissions__group__menu__title"],
        #         "title":item["permissions__title"],
        #         "url":item["permissions__url"],
        #         "active":False,
        #     }
        #
        #     menu_list.append(tpl)
        # print(menu_list)
        # request.session[settings.PERMISSIONS_MENU_KEY]=menu_list
         #权限管理
        result={}
        for item in permission_list:
            groupid=item["permissions__group__id"]
            code=item["permissions__code"]
            url=item["permissions__url"]
    
            if groupid in result:
                result[groupid]["codes"].append(code)
                result[groupid]["urls"].append(url)
            else:
                result[groupid]={
                    "codes":[code,],
                    "urls":[url,]
                }
    
    
        print(result)
    
    
        request.session[settings.PERMISSIONS_URL_DICT_KEY] = result
    复制代码

    3.修改定义标签

    rbac.py

    其他不做修改

     
  • 相关阅读:
    你了解RTOS吗?
    [转] git rebase 详解
    MinGW vs MinGW-W64及其它
    【转】Video Rendering with 8-Bit YUV Formats
    Ubuntu假死
    渐进增强和优雅降级的区别
    JavaScript 插件的学习
    菜单的制作
    生活
    小组学习情况
  • 原文地址:https://www.cnblogs.com/Mikusa/p/10874884.html
Copyright © 2020-2023  润新知