  • 权限--中间件


    1,配置文件

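    # Session key under which the logged-in user's permitted URL patterns are
    # stored (written by init_permission, read by RbacMiddleware).
    USER = 'permission_url_list'

    # ######################### rbac ############################
    # URL patterns that skip the RBAC check entirely. RbacMiddleware tests them
    # with re.match(), which anchors only at the START of the path, so each
    # entry has to delimit itself: "/login/$" ends with "$", and the admin entry
    # closes the "/admin" segment with "/" so that unrelated paths which merely
    # begin with "/admin" (for example "/administrators/...") still go through
    # the permission check. Paths under /admin/ are left to the Django admin's
    # own login requirement.
    VALID_URL = [
        "/login/$",
        "/admin/.*",
    ]

    INSTALLED_APPS = [
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'rbac.apps.RbacConfig',
        'app01.apps.App01Config',
    ]

    # RbacMiddleware is listed last: it reads request.session, so it must run
    # after SessionMiddleware has attached the session to the request.
    MIDDLEWARE = [
        'django.middleware.security.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
        'rbac.middlewares.rbac.RbacMiddleware',
    ]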

    2,创建一个rbac的APP

    创建表

    from django.db import models
    
    class Permission(models.Model):
        """Permission table: one row per URL pattern that can be granted to a role."""

        title = models.CharField(max_length=32, verbose_name='标题')
        # The value is treated as a regular expression: RbacMiddleware compiles
        # it and matches it against the request path.
        url = models.CharField(max_length=64, verbose_name="含正则URL")
        # Whether this permission is also a menu entry.
        is_menu = models.BooleanField(verbose_name="是否是菜单")

        def __str__(self):
            return self.title

        class Meta:
            verbose_name_plural = "权限表"
    
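    class User(models.Model):
        """User table: a login identity plus the roles that grant its permissions."""

        username = models.CharField(verbose_name='用户名', max_length=32)
        # Holds a password HASH, never the plain text: write it with
        # django.contrib.auth.hashers.make_password() and verify it with
        # check_password(). The output of Django's default hasher is longer
        # than 64 characters, so the column is sized like django.contrib.auth's
        # own password field (128). Widening it requires a schema migration.
        password = models.CharField(verbose_name='密码', max_length=128)
        email = models.CharField(verbose_name='邮箱', max_length=32)

        # All roles held by this user; the permissions are reached through them.
        roles = models.ManyToManyField(verbose_name='具有的所有角色', to="Role", blank=True)

        class Meta:
            verbose_name_plural = "用户表"

        def __str__(self):
            return self.username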
    
    class Role(models.Model):
        """Role table: a named bundle of permissions that users are assigned to."""

        title = models.CharField(max_length=32)
        # Every permission granted by this role.
        permissions = models.ManyToManyField(
            to='Permission',
            blank=True,
            verbose_name='具有的所有权限',
        )

        def __str__(self):
            return self.title

        class Meta:
            verbose_name_plural = "角色表"
    models

    创建一个middlewares文件夹(登录与权限验证中间件)

    import re
    
    from django.shortcuts import redirect,HttpResponse
    from django.conf import settings
    
    class MiddlewareMixin(object):
        """Adapter that lets a class with process_request / process_response
        hooks be used as a callable middleware.

        Subclasses define either hook (both are optional); instances are
        called with the request and return the response.
        """

        def __init__(self, get_response=None):
            """Remember the next handler in the chain (may be None)."""
            self.get_response = get_response
            super(MiddlewareMixin, self).__init__()

        def __call__(self, request):
            """Run the request hook, then the wrapped handler, then the response hook.

            A truthy return value from process_request short-circuits the
            wrapped handler; process_response, when present, always sees the
            resulting response.
            """
            absent = object()  # sentinel: distinguishes "no hook" from any real attribute

            outcome = None
            before = getattr(self, 'process_request', absent)
            if before is not absent:
                outcome = before(request)

            if not outcome:
                outcome = self.get_response(request)

            after = getattr(self, 'process_response', absent)
            if after is not absent:
                outcome = after(request, outcome)

            return outcome
    
    
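    class RbacMiddleware(MiddlewareMixin):
        """Allow a request only when its path matches a whitelisted pattern or
        one of the URL patterns stored in the user's session."""

        def process_request(self, request):
            """Check the request path against the whitelist and the session permissions.

            :param request: the incoming request; path_info and session are read
            :return: None to let the request continue, a redirect to /login/
                     when the session holds no permission list, or a 403
                     response when no permission pattern matches
            """
            # 1. The URL of the current request.
            current_url = request.path_info

            # Whitelisted paths skip the check. re.match anchors only at the
            # start of the path, so each settings.VALID_URL entry must carry
            # its own terminator.
            for row in settings.VALID_URL:
                if re.match(row, current_url):
                    return None

            # 2. The permissions saved in the session for the current user.
            permission_list = request.session.get(settings.USER)
            if not permission_list:
                return redirect("/login/")

            for db_url in permission_list:
                # The stored pattern is wrapped in a group so that a top-level
                # "|" inside it cannot escape the anchors, and \Z (unlike "$")
                # does not accept a trailing newline.
                regax = r"^(?:{0})\Z".format(db_url)
                if re.match(regax, current_url):
                    return None

            # The denial is decided only after EVERY pattern has been tried;
            # deciding inside the loop would reject the request as soon as the
            # first pattern failed to match. 403 tells clients and monitoring
            # that this is a refusal, not a normal page.
            return HttpResponse("无权访问", status=403)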
    rbac.py

    创建service文件夹(初始化权限信息,获取权限信息并放置到session中)

    from django.conf import settings
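    def init_permission(user,request):
        """
        Initialise the permission data: collect the URL patterns granted to the
        user through its roles and store them in the session.

        The stored list is a snapshot taken at call time; later changes to the
        user's roles or permissions take effect only when this runs again.

        :param user: user object whose roles are queried
        :param request: current request; its session is written
        :return: None
        """
        permission_list = user.roles.values('permissions__title', 'permissions__url', 'permissions__is_menu').distinct()
        # A role without any permission can produce a row whose URL is None;
        # such rows (and empty URLs) are not patterns and are left out.
        url_list = [
            item['permissions__url']
            for item in permission_list
            if item['permissions__url']
        ]
        request.session[settings.USER] = url_list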
    init_permission.py


  • 原文地址:https://www.cnblogs.com/yifugui/p/7799575.html