zoukankan      html  css  js  c++  java
  • 权限组件(5):权限粒度控制到按钮

    效果图:

     一、models层给权限增加url的别名

    这是做是为了在模板用别名判断当前用户是否有这个url(权限)
    rbac/models.py

    class Permission(models.Model):
        """
        权限表
        """
        title = models.CharField(verbose_name='标题', max_length=32)
        url = models.CharField(verbose_name='含正则的URL', max_length=128)
    
        menu = models.ForeignKey(verbose_name='所属菜单', to=Menu, null=True, blank=True,
                                 help_text='null表示不是菜单,非null表示是二级菜单', on_delete=models.CASCADE
                                 )
    
        name = models.CharField(verbose_name='url的别名', max_length=32, unique=True)  # +
    
        pid = models.ForeignKey(verbose_name='关联的权限', to='Permission', null=True, blank=True, related_name='parents',
                                help_text='对于非菜单权限需要选择一个可以成为菜单的权限,用于做默认展开和选中菜单',
                                on_delete=models.CASCADE
                                )
    
        def __str__(self):
            return self.title

    注意:刚创建的时候设置成null=True和blank=True,当添加完数据后再设置unique=True,并删除null=True和blank=True

    二、在初始化权限中增加别名

    把用户权限以字典的形式储存,别名作为key。values还是一个字典,储存其他信息。
    rbac/service/init_permission.py

    from permission_learn import settings
    
    
    def init_permission(current_user, request):
        """
        用户权限的初始化
        :param current_user:  当前登录用户
        :param request:
        :return:
        """
    
        permission_menu_queryset = current_user.roles.filter(permissions__isnull=False).values(
            'permissions__id',
            'permissions__title',
            'permissions__url',
            'permissions__name',
            'permissions__pid_id',
            'permissions__pid__title',  # +
            'permissions__pid__url',
            'permissions__menu_id',
            'permissions__menu__title',
            'permissions__menu__icon',
        )
    
        permission_dict = {}  # + 
    
        menu_dict = {}
    
        for item in permission_menu_queryset:
            permission_dict[item['permissions__name']] = {
                'id': item['permissions__id'],
                'title': item['permissions__title'],
                'url': item['permissions__url'],
                'pid': item['permissions__pid_id'],
                'p_title': item['permissions__pid__title'],
                'p_url': item['permissions__pid__url'],
            }
    
            menu_id = item['permissions__menu_id']
    
            if not menu_id:
                continue
    
            second_menu = {'id': item["permissions__id"], 'title': item['permissions__title'],
                           'url': item['permissions__url']}
    
            if menu_id in menu_dict:
                menu_dict[menu_id]['second_menu'].append(second_menu)
            else:
                menu_dict[menu_id] = {
                    'title': item['permissions__menu__title'],
                    'icon': item['permissions__menu__icon'],
                    'second_menu': [second_menu, ]
                }
    
        request.session[settings.PERMISSION_SESSION_KEY] = permission_dict
        request.session[settings.MENU_SESSION_KEY] = menu_dict 

    三、中间件处理

    rbac/middlewares/rbac.py

    没有太大变化,换一下名字就行

    import re
    
    from django.utils.deprecation import MiddlewareMixin
    from django.shortcuts import HttpResponse
    from permission_learn import settings
    
    
    class RbacMiddleware(MiddlewareMixin):
       def process_request(self, request):
    
           white_list = settings.WHITE_LIST
    
           current_path = request.path
    
           for valid_url in white_list:
               if re.match(valid_url, current_path):
                   return None
    
           permission_dict = request.session.get(settings.PERMISSION_SESSION_KEY)
    
           if not permission_dict:
               return HttpResponse('请先登录 ')
    
           has_permission = False
    
           url_record = [
               {'title': '首页', 'url': '#'}
           ]
           for item in permission_dict.values():
               regex = '^%s$' % item['url']
               if re.match(regex, current_path):
                   has_permission = True
                   request.current_selected_permission = item['pid'] or item['id']
                   if not item['pid']:  # 选中的是二级菜单
                       url_record.extend([
                           {'title': item['title'], 'url': item['url'], 'class': 'active'}
                       ])
                   else:  # 选中的是具体权限
                       url_record.extend([
                           {'title': item['p_title'], 'url': item['p_url']},
                           {'title': item['title'], 'url': item['url'], 'class': 'active'},
                       ])
                   request.breadcrumb = url_record  # 通过request,把储存信息传给用户
                   break
    
           if not has_permission:
               return HttpResponse('未获取权限,请先获取权限')
    
    

    四、模板处理

    在templatestag里判断用户是否有权限(是否有url的别名)
    rbac/templatestag/rbac.py

    @register.filter()
    def has_permission(request, name):
        """判断是否有权限"""
    
        if name in request.session[settings.PERMISSION_SESSION_KEY]:
            return True

    在需要把权限控制到按钮的模板传入request,和url的别名,并进行判断。这里拿用户列表举例
    业务app/templates/customer_list.html

    {% extends 'layout.html' %}
    {% load rbac %}   <!-- 系统会默认找到templatetags的文件下面的rbac模块 -->
    ...
     {% if request|has_permission:'customer_add' %}
        <a class="btn btn-default" href="/customer/add/">
             <i class="fa fa-plus-square" aria-hidden="true"></i> 添加客户
         </a>
    {% endif %}
    
     {% if request|has_permission:'customer_import' %}
        <a class="btn btn-default" href="/customer/import/">
            <i class="fa fa-file-excel-o" aria-hidden="true"></i> 批量导入
        </a>
    {% endif %}
    
    {% if request|has_permission:'customer_edit' or request|has_permission:'customer_del' %}
         <th>选项</th>
    {% endif %}
    
    {% if request|has_permission:'customer_edit' or request|has_permission:'customer_del' %}
        <td>
            {% if request|has_permission:'customer_edit' %}
                <a style="color: #333333;" href="/customer/edit/{{ row.id }}/">
                    <i class="fa fa-edit" aria-hidden="true"></i>
                </a>
            {% endif %}
            {% if request|has_permission:'customer_del' %}
                |
                <a style="color: #d9534f;" href="/customer/del/{{ row.id }}/">
                    <i class="fa fa-trash-o"></i>
                </a>
            {% endif %}
        </td>
    {% endif %}
    ...

     

  • 相关阅读:
    谈谈对Javascript构造函数和原型对象的理解
    JS 实现无缝滚动动画原理(初学者入)
    $($('.className').html( )选择器的工作原理
    jquery中attr和prop的区别
    用for循环筛选奇偶表格栏
    insertBefore 和 insetAfter函数详解
    getNextElement( )函数——获取下一个特定的元素节点
    IDEA + SSH OA 第一天(项目收获:Hibernate XML)
    IDEA + SSH OA 第一天(IDEA 文件夹类型了解)
    IDEA + SSH OA 第一天(Hibernate : Mapping (RESOURCE) not found)
  • 原文地址:https://www.cnblogs.com/lshedward/p/10499771.html
Copyright © 2011-2022 走看看