• 10.11 rbac权限


    2018-10-11 12:25:11

    现在写代码时候,不要好多代码放在一块!注重解耦!!!!!

    把权限放到中间件里面,每次访问的时候都用到!

    自己的网站弄完了,博客网站已经正式上线,就是有点丑! www.sizhanan.cn/index

    越努力越幸运!永远不要高估自己!

    先贴上笔记!

    权限组件
    
       1 项目与应用
       
       
       2 什么是权限?
        
         一个包含正则表达式url就是一个权限
        
       
         who   what    how   ---------->True  or  Flase
         
         UserInfor
         
             name       
             pwd
             permission=models.manytomany(Permission)
            
            
            name   pwd    
            egon   123            
            alex   456    
            A      111
            B      222
            C      333
            D      444
            
            
         Permission
         
            url=.....
              title=....
            
        id       url            title
        1     "/users/"         "查看用户"
        2     "/users/add/"     "添加用户"
         3    "/customer/add"    "添加客户"
             
         UserInfor_permission
    
            id
            user_id
            permission_id        
             
             
            id    user_id   permission_id
             1       1           1        
             2       1           2
             3       2           2
             
             4       3           1
             5       3           2
             6       3           3
             
             4       4           1
             5       4           2
             6       4          3
             
             
             4       5           1
             5       5           2
             6       5           3
             
             
             4       6           1
             5       6           2
             6       6           3
             
             
             4       7           1
             5       7           2
             6       7           3
             
             
             
             
             
        示例:登录人:egon
              访问url:http://127.0.0.1:8000/users/    
             
              
              def users(request):
                 
                 user_id=request.session.get("user_id")
                 
                 
                 obj=UserInfor.objects.filter(pk=user_id).first()
                 obj.permission.all().valuelist("url")
                 
                 
                 
                 return HttpResponse("users.....")
             
             
        # 版本2:
    
    
    
        UserInfor
         
             name       
             pwd
             roles
            
            
            
            name   pwd    
            egon   123            
            alex   456    
            alex   456    
            alex   456    
            alex   456    
            alex   456    
            alex   456    
            alex   456    
            alex   456    
            
                
        Role
           
           title=.......       
           permissions=......
           
             id   title
             1   销售员
           
        
        UserInfor2Role
    
           id     user_id    role_id    
            1        1          1
    
            
        Permission
         
            url=.....
              title=....
            
        id       url            title
        1     "/users/"         "查看用户"
        2     "/users/add/"     "添加用户"
         3    "/customer/add"    "添加客户"
             
        
             
             
        Role2Permission
    
        id  role_id   permission_id    
         1      1           1
         2      1           2
         3      1           3
             
             
             
        3  rbac(role-based access control) 
         
         
         
        
    关于rbac:
    
        (1) 创建表关系:
            class User(models.Model):
                name=models.CharField(max_length=32)
                pwd=models.CharField(max_length=32)
                roles=models.ManyToManyField(to="Role")
    
                def __str__(self): return self.name
    
            class Role(models.Model):
                title=models.CharField(max_length=32)
                permissions=models.ManyToManyField(to="Permission")
    
                def __str__(self): return self.title
    
            class Permission(models.Model):
                title=models.CharField(max_length=32)
                url=models.CharField(max_length=32)
    
                def __str__(self):return self.title
        
        (2) 基于admin录入数据
    
    
        (3) 登录校验:
            
            if 登录成功:
               
                查询当前登录用户的权限列表注册到session中
    
        (4) 校验权限(中间件的应用)
            class ValidPermission(MiddlewareMixin):
    
                def process_request(self,request):
    
                    # 当前访问路径
                    current_path = request.path_info
    
                    # 检查是否属于白名单
                    valid_url_list=["/login/","/reg/","/admin/.*"]
    
                    for valid_url in valid_url_list:
                        ret=re.match(valid_url,current_path)
                        if ret:
                            return None
    
    
                    # 校验是否登录
    
                    user_id=request.session.get("user_id")
    
                    if not user_id:
                        return redirect("/login/")
    
    
                    # 校验权限
                    permission_list = request.session.get("permission_list",[])  # ['/users/', '/users/add', '/users/delete/(\d+)', 'users/edit/(\d+)']
    
    
                    flag = False
                    for permission in permission_list:
    
                        permission = "^%s$" % permission
    
                        ret = re.match(permission, current_path)
                        if ret:
                            flag = True
                            break
                    if not flag:
                        return HttpResponse("没有访问权限!")
    
                    return None
                    
                    
            
            
                
               
            
           

    rbac/service/perssions.py

    # by luffycity.com
    
    
    def initial_session(user,request):
        permissions = user.roles.all().values("permissions__url").distinct()
    
        permission_list = []
    
        for item in permissions:
            permission_list.append(item["permissions__url"])
        print(permission_list)
    
        request.session["permission_list"] = permission_list

    rbac/service/rbac.py    把这个文件在settings 中间件里面注册一下

    MIDDLEWARE = [ ........... "rbac.service.rbac.ValidPermission" ]

    # by luffycity.com
    import re
    from django.utils.deprecation import MiddlewareMixin
    from django.shortcuts import  HttpResponse,redirect
    
    class ValidPermission(MiddlewareMixin):
    
        def process_request(self,request):
    
    
            # 当前访问路径
            current_path = request.path_info
    
            # 检查是否属于白名单
            valid_url_list=["/login/","/reg/","/admin/.*"]
    
            for valid_url in valid_url_list:
                ret=re.match(valid_url,current_path)
                if ret:
                    return None
    
    
            # 校验是否登录
    
            user_id=request.session.get("user_id")
    
            if not user_id:
                return redirect("/login/")
    
    
            # 校验权限
            permission_list = request.session.get("permission_list",[])  # ['/users/', '/users/add', '/users/delete/(\d+)', 'users/edit/(\d+)']
    
            flag = False
            for permission in permission_list:
    
                permission = "^%s$" % permission
    
                ret = re.match(permission, current_path)
                if ret:
                    flag = True
                    break
            if not flag:
                return HttpResponse("没有访问权限!")
    
            return None

    app01/views.py

    from django.shortcuts import render,HttpResponse
    
    # Create your views here.
    
    
    
    from rbac.models import *
    
    
    def users(request):
        user_list=User.objects.all()
    
        return render(request,"users.html",locals())
    
    
    import re
    def add_user(request):
    
    
        return HttpResponse("add user.....")
    
    def roles(request):
    
        role_list=Role.objects.all()
    
        return render(request,"roles.html",locals())
    from rbac.service.perssions import *
    
    def login(request):
    
        if  request.method=="POST":
    
            user=request.POST.get("user")
            pwd=request.POST.get("pwd")
    
            user=User.objects.filter(name=user,pwd=pwd).first()
            if user:
                ############################### 在session中注册用户ID######################
                request.session["user_id"]=user.pk
    
                ###############################在session注册权限列表##############################
    
    
    
                # 查询当前登录用户的所有角色
                # ret=user.roles.all()
                # print(ret)# <QuerySet [<Role: 保洁>, <Role: 销售>]>
    
                # 查询当前登录用户的所有权限
                initial_session(user,request)
    
    
                return HttpResponse("登录成功!")
    
    
        return render(request,"login.html")

    2018-10-11 12:30:25

    权限系统还是很简单的!

  • 相关阅读:
    接口
    echartsx轴名称过长,截断+鼠标划过显示全称
    浏览器兼容的几点思路
    安装gulp教程(整理)
    TortoiseSVN文件夹及文件图标、标识、绿色小对号不显示解决方法(转载)
    css实现小三角(转载+个人笔记)
    css常用样式(待更新)
    表格样式设计和几点考量
    一些大神或者觉得有益的博客、专栏等(不定时更新)
    搭配bootstracp运用的通用样式(想起来就开个头,待补充……)
  • 原文地址:https://www.cnblogs.com/zhen1996/p/9771759.html
Copyright © 2020-2023  润新知