# Whitelist pitfall: adding "/" to the whitelist without a trailing "$".
# re.match returns None when the pattern does not match and a match object
# when it does. It only anchors at the start of the string, so an
# un-anchored "/" matches any path that begins with "/"; as a whitelist
# entry it would therefore let every URL skip the permission check.
import re

# Anchored with "$": only a path that is exactly "/" can match.
ret = re.compile("/$").match("/orders/")
print(ret)  # None

# Un-anchored: the leading "/" of "/orders/" is enough for a match.
ret1 = re.compile("/").match("/orders/")
print(ret1)  # <_sre.SRE_Match object; span=(0, 1), match='/'>
什么是权限:一个包含正则的url
关于某个角色拥有查看用户权限,但无添加用户权限
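拥有 /orders/ 权限时能匹配 /orders/,但用户手动在地址后面加上 orders/add 也能访问到
原因:在中间件里匹配 url 时正则没有加 $;re.match 只从字符串开头匹配,/orders/ 是 /orders/add 的前缀,所以同样匹配成功。匹配时应写成 "^%s$" 的形式,要求整个路径完全匹配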
粒度到按钮级别
没有权限的用户不显示按钮(隐藏按钮只是界面上的处理;服务端仍需对每个请求校验权限,否则用户直接输入 url 仍可访问)
views
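def orders(request):
    """Render the order list page with the user's permission list.

    The permission list is read from the session (for example
    ``["/orders/"]``) and handed to the ``orders.html`` template, which uses
    it to decide whether the "add order" button is shown.
    """
    # Default to an empty list so a session without the key still renders,
    # simply with no permission-gated buttons.
    permission_list = request.session.get("permission_list", [])
    # Pass an explicit context instead of locals(): the template receives
    # only the value it needs, and later locals cannot leak into it.
    return render(request, "orders.html", {"permission_list": permission_list})


def orders_add(request):
    """Return the placeholder response for the "add order" page.

    NOTE(review): this view performs no permission check of its own. Hiding
    the button in the template does not stop a direct request to this URL,
    so access control has to be enforced on the server -- presumably by the
    permission middleware, using a fully anchored regex match; confirm.
    """
    return HttpResponse("添加订单")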
HTML
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>订单页面</title>
    <link rel="stylesheet" href="/static/bootstrap-3.3.7/css/bootstrap.css">
</head>
<body>
<h3>订单列表</h3>
<div class="col-md-6">
    {# Button-level permission: the "add order" button is rendered only when "/orders/add/" is in permission_list. #}
    {# This is a display-only check; the server must still authorise the request to the add URL itself. #}
    {# NOTE(review): the link below targets "/orders/add" (no trailing slash) while the check uses "/orders/add/" - confirm against the URLconf. #}
    {% if "/orders/add/" in permission_list %}
    <p><a href="/orders/add"><button class="btn btn-primary pull-right">添加订单</button></a></p>
    {% endif %}
    <table class="table table-striped">
        <tr>
            <th>订单编号</th>
            <th>订单日期</th>
            <th>商品名称</th>
        </tr>
        <tr>
            <td>123456</td>
            <td>2016-12-16</td>
            <td>草莓</td>
        </tr>
    </table>
</div>
</body>
</html>
但是上面有个局限性,就是不能进行正则判断
思路:给权限表进行分组,将权限之间的关系描述出来
from django.contrib import admin # Register your models here. from .models import * admin.site.register(UserInfo) admin.site.register(Role) admin.site.register(PermissionGroup) # 修改admin显示页面 class PermissionConfig(admin.ModelAdmin): list_display = ["id","title","url","permission_group"] ordering = ["id"] admin.site.r