Django web框架之權限管理二
阿新 • • 發佈:2017-11-13
mes tag 自定義模板 urn temp template 定義 文件 pla
1. login登錄
def login(request):
if request.method=="GET":
return render(request,‘login.html‘)
else:
username=request.POST.get(‘user‘)
password=request.POST.get(‘pwd‘)
user=models.User.objects.filter(username=username,password=password).first()
if user:
init_permission(user,request)
return redirect(‘/index/‘)
else:
return redirect(‘/login/‘)
2. init_permission(user,request)定制Session
from django.conf import settings def init_permission(user,request):
# 取數據 permission_list = user.roles.values( ‘permission__id‘, ‘permission__title‘, ‘permission__url‘, ‘permission__code‘, ‘permission__menu_group‘, ‘permission__group_id‘, ‘permission__group__caption‘, ‘permission__group__menu_id‘, ‘permission__group__menu__title‘, ).distinct() current_url = request.path_info # 過濾權限相關的 result = {} # 用戶所有的操作代碼和可訪問的url地址——權限相關 for item in permission_list: group_id=item[‘permission__group_id‘] code = item[‘permission__code‘] url=item[‘permission__url‘] if group_id in result: result[group_id][‘codes‘].append(code) result[group_id][‘urls‘].append(url) else: result[group_id]={ ‘codes‘:[code,], ‘urls‘:[url,], } # Session中添加字典 request.session[settings.PERMISSION_URL_DICT_KEY] = result # 過濾菜單相關的 menu_list = [] for item in permission_list: msg = { ‘id‘: item[‘permission__id‘], ‘title‘: item[‘permission__title‘], ‘url‘: item[‘permission__url‘], ‘menu_gp_id‘: item[‘permission__menu_group‘], ‘menu_id‘: item[‘permission__group__menu_id‘], ‘menu_title‘: item[‘permission__group__menu__title‘], } menu_list.append(msg) # Session中添加字典 request.session[settings.PERMISSION_MENU_KEY]=menu_list
3. setting配置
PERMISSION_URL_DICT_KEY=‘permission_url_dict‘ # 權限url數據 PERMISSION_MENU_KEY=‘permission_menu_dict‘ # 菜單字典數據
4. 創建中間件
路徑:E:\permission80\rbac\middleware\rbac.py
import re
from django.conf import settings
from django.shortcuts import redirect,render,HttpResponse
class MiddlewareMixin(object):
def __init__(self, get_response=None):
self.get_response = get_response
super(MiddlewareMixin, self).__init__()
def __call__(self, request):
response = None
if hasattr(self, ‘process_request‘):
response = self.process_request(request)
if not response:
response = self.get_response(request)
if hasattr(self, ‘process_response‘):
response = self.process_response(request, response)
return response
# 繼承父類MiddlewareMixin方法
class RbacMiddleware(MiddlewareMixin):
def process_request(self,request):
current_url=request.path_info # 取到用戶方法的路徑信息:譬如 /index/,/userinfo/
# 判斷用戶訪問的路徑是否在白名單中
for url in settings.VALID_URL:
regax="^{0}$".format(url)
# 如果匹配成功停止匹配,None繼續往後面執行其他中間件,如果沒有則直接到url路由規則中匹配,(/index/ ,views.index)
if re.match(regax,current_url):
return None
# 從Session中取到權限數據,用戶權限下的路徑
permission_dict=request.session.get(settings.PERMISSION_URL_DICT_KEY)
# 如果沒有則跳轉到登錄路徑
if not permission_dict:
return redirect(‘/login/‘)
flag=False
for group_id,code_url_dic in permission_dict.items():
for db_url in code_url_dic[‘urls‘]:
regax="^{0}$".format(db_url)
# 匹配當前用戶權限的路徑是哪一個路徑
if re.match(regax,current_url):
# 給request中添加一個字典,values對應用戶訪問的權限下的codes代碼:譬如 add list edit
request.permission_code_list=code_url_dic[‘codes‘]
flag=True
break
if flag:
break
if not flag:
return HttpResponse(‘無權訪問‘)
5. setting配置中間件
# 白名單
VALID_URL=[
‘/login/‘,
‘/logoff/‘,
‘/index/‘,
‘/test/‘,
‘/admin.*‘,
]
# 加入中間件列表中
MIDDLEWARE = [
‘django.middleware.security.SecurityMiddleware‘,
‘django.contrib.sessions.middleware.SessionMiddleware‘,
‘django.middleware.common.CommonMiddleware‘,
‘django.middleware.csrf.CsrfViewMiddleware‘,
‘django.contrib.auth.middleware.AuthenticationMiddleware‘,
‘django.contrib.messages.middleware.MessageMiddleware‘,
‘django.middleware.clickjacking.XFrameOptionsMiddleware‘,
‘rbac.middleware.rbac.RbacMiddleware‘,
]
6. 自定義模板
路徑:E:\permission80\rbac\templatetags\rbactag.py
a. 首先創建模板目錄templatetags,名稱必須一樣
import re
from django.conf import settings
from django.template import Library
register = Library()
# 引用html文件tag.html
@register.inclusion_tag(‘tag.html‘)
def menu_html(request):
# 通過request取到定制session中的菜單數據
permission_menu = request.session[settings.PERMISSION_MENU_KEY]
current_url = request.path_info
menu_dict = {}
for item in permission_menu:
# 判斷組內菜單是否在menu_dict中
if not item[‘menu_gp_id‘]:
menu_dict[item[‘menu_id‘]] = item
for item in permission_menu:
regax = "^{0}$".format(item[‘url‘])
# 匹配用戶訪問的路徑是menu_dict中哪一個,給訪問的路徑添加一條actvie活動匹配
if re.match(regax, current_url):
menu_gp_id = item[‘menu_id‘]
if menu_gp_id:
# 菜單組添加active
menu_dict[menu_gp_id][‘active‘] = True
else:
# 組內菜單列表添加
menu_dict[item[‘id‘]][‘active‘] = True
result = {}
for item in menu_dict.values():
active = item.get(‘active‘)
menu_id = item[‘menu_id‘]
if menu_id in result:
result[menu_id][‘children‘].append({‘title‘: item[‘title‘], ‘url‘: item[‘url‘], ‘active‘: active})
if active:
result[menu_id][‘active‘] = True
else:
result[menu_id] = {
‘menu_id‘: item[‘menu_id‘],
‘menu_title‘: item[‘menu_title‘],
‘active‘: active,
‘children‘: [
{‘title‘: item[‘title‘], ‘url‘: item[‘url‘], ‘active‘: active}
]
}
return {‘menu_dict‘: result}
Django web框架之權限管理二