- 今日内容:
- 通过中间件,给视图函数增加登录验证、权限验证功能
- 给中间件设置白名单,登录视图函数不需要认证(白名单要按路径开头匹配,不能只判断路径中是否包含该字符串)
- 登录之后,会把用户名和权限列表存储在 session 中(因此权限变更要等用户重新登录后才会生效)
- 在中间件中完成 认证功能
from django.contrib import admin

from app01 import models

# Register your models here.


class PermissionAdmin(admin.ModelAdmin):
    """Admin change-list layout for Permission rows."""

    # Columns shown in the admin change list.
    list_display = ('pk', 'title', 'url')
    # Sort by primary key, descending.
    ordering = ('-pk',)


class RoleAdmin(admin.ModelAdmin):
    """Admin change-list layout for Role rows."""

    list_display = ('pk', 'title')


# NOTE(review): User is registered with the default ModelAdmin, which exposes
# every editable model field in the admin form. If app01.models.User is the
# model shown elsewhere on this page, that includes the `pwd` column; confirm
# whether that field should be excluded or made write-only here.
for model, admin_class in (
    (models.User, None),                    # default ModelAdmin
    (models.Role, RoleAdmin),               # use the layout declared above
    (models.Permission, PermissionAdmin),
):
    admin.site.register(model, admin_class)
from django.db import models

# Create your models here.


class User(models.Model):
    """Application account: a login name, a password and the roles it holds."""

    name = models.CharField(max_length=32)
    # NOTE(review): a 32-character CharField compared by equality at login
    # means the password is kept as the user typed it. Storing only a salted
    # hash (django.contrib.auth.hashers.make_password / check_password) needs
    # a wider column and a data migration, so it is flagged here rather than
    # changed in place.
    pwd = models.CharField(max_length=32)
    roles = models.ManyToManyField(to='Role')

    def __str__(self):
        return self.name


class Role(models.Model):
    """Named group of permissions that can be attached to users."""

    title = models.CharField(max_length=32)
    permissions = models.ManyToManyField(to='Permission')

    def __str__(self):
        return self.title


class Permission(models.Model):
    """A single grant: a display title plus the URL it gives access to."""

    title = models.CharField(max_length=32)
    # The middleware on this page interpolates this value into a regular
    # expression, so whoever can edit it controls what the pattern matches.
    url = models.CharField(max_length=128)

    def __str__(self):
        return self.title
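from django.shortcuts import render, HttpResponse, redirect
from django.views import View

from app01 import models

# Create your views here.


class Login(View):
    """Show the login form and establish the session on valid credentials."""

    def get(self, request):
        """Render the empty login form."""
        return render(request, 'login.html')

    def post(self, request):
        """Check the submitted credentials and populate the session.

        On success the session receives ``user`` (the account name) and
        ``permission_list`` (the URLs granted through the user's roles).
        On failure the form is re-rendered with a generic error so the
        response does not reveal whether the user name exists.
        """
        # Step 1: read the submitted user name and password.
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')

        # Reject missing or empty credentials before touching the database.
        if not user or not pwd:
            return render(request, 'login.html', {'error': '用户名或密码错误'})

        # Step 2: look the account up.
        # NOTE(review): this compares the submitted password with the stored
        # column directly, i.e. passwords are stored unhashed. Moving to
        # django.contrib.auth.hashers.check_password requires the stored
        # values to be migrated to hashes first.
        user_obj = models.User.objects.filter(name=user, pwd=pwd).first()
        if not user_obj:
            return render(request, 'login.html', {'error': '用户名或密码错误'})

        # Issue a fresh session key on privilege change so a session id that
        # existed before login cannot be reused afterwards (session fixation).
        request.session.cycle_key()

        request.session['user'] = user_obj.name
        # A user with several roles can reach the same permission more than
        # once; distinct() keeps the stored list free of duplicates.
        permission_urls = (
            models.Permission.objects
            .filter(role__user=user_obj)
            .values_list('url', flat=True)
            .distinct()
        )
        # The list is a snapshot: later permission changes only take effect
        # once the user logs in again.
        request.session['permission_list'] = list(permission_urls)

        # NOTE(review): request.path is the login URL itself, so a successful
        # login lands back on the login form; confirm the intended target.
        return redirect(request.path)


class Record(View):
    """Record list page."""

    def get(self, request):
        return render(request, 'record.html')


class AddRecords(View):
    """Record creation page."""

    def get(self, request):
        return render(request, 'addrecords.html')


class EditRecords(View):
    """Record edit page."""

    def get(self, request):
        return render(request, 'editrecords.html')


class DeleteRecords(View):
    """Record deletion page."""

    def get(self, request):
        # NOTE(review): renders the customer deletion template; looks like a
        # copy-paste slip, confirm which template this view should use.
        return render(request, 'deletecustomer.html')


class Customer(View):
    """Customer list page."""

    def get(self, request):
        return render(request, 'customer.html')


class AddCustomer(View):
    """Customer creation page."""

    def get(self, request):
        return render(request, 'addcustomer.html')


class EditCustomer(View):
    """Customer edit page."""

    def get(self, request):
        # NOTE(review): renders the record edit template; looks like a
        # copy-paste slip, confirm which template this view should use.
        return render(request, 'editrecords.html')


class DeleteCustomer(View):
    """Customer deletion page."""

    def get(self, request):
        return render(request, 'deletecustomer.html')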
"""crm03 URL Configuration

The `urlpatterns` list routes URLs to views. For more information please see:
    https://docs.djangoproject.com/en/1.11/topics/http/urls/
Examples:
Function views
    1. Add an import:  from my_app import views
    2. Add a URL to urlpatterns:  url(r'^$', views.home, name='home')
Class-based views
    1. Add an import:  from other_app.views import Home
    2. Add a URL to urlpatterns:  url(r'^$', Home.as_view(), name='home')
Including another URLconf
    1. Import the include() function: from django.conf.urls import url, include
    2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
"""
from django.conf.urls import url
from django.contrib import admin

from app01 import views

# NOTE(review): every pattern below except the two list pages lacks a trailing
# `$`, so each one also routes any longer path that merely starts with the
# prefix. Any access-control check keyed on request.path has to account for
# those longer paths; confirm whether the open-ended match is intended.

# Admin site and the login page.
_site_urls = [
    url(r'^admin/', admin.site.urls),
    url(r'^login/', views.Login.as_view(), name='login'),
]

# Record pages.
_record_urls = [
    url(r'^record/$', views.Record.as_view(), name='record'),
    url(r'^record/add/', views.AddRecords.as_view(), name='addrecord'),
    url(r'^record/edit/', views.EditRecords.as_view(), name='editrecord'),
    url(r'^record/delete/', views.DeleteRecords.as_view(), name='deleterecord'),
]

# Customer pages.
_customer_urls = [
    url(r'^customer/$', views.Customer.as_view(), name='customer'),
    url(r'^customer/add/', views.AddCustomer.as_view(), name='addcustomer'),
    url(r'^customer/edit/', views.EditCustomer.as_view(), name='editcustomer'),
    url(r'^customer/delete/', views.DeleteCustomer.as_view(), name='deletecustomer'),
]

# Resolution order is unchanged: site, then record, then customer routes.
urlpatterns = _site_urls + _record_urls + _customer_urls
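from django.utils.deprecation import MiddlewareMixin
import re
from django.shortcuts import HttpResponse, redirect, render


class Md1(MiddlewareMixin):
    """Require a logged-in session and a matching permission for each request.

    Paths under the whitelisted prefixes skip both checks. Every other request
    needs ``user`` in the session and a ``permission_list`` entry whose pattern
    matches the whole request path.
    """

    def process_request(self, request):
        """Return None to let the request through, or a response that stops it.

        Returns:
            None when the path is whitelisted or permitted, a redirect to the
            ``login`` route when there is no logged-in user, and a 403
            response when no stored permission matches.
        """
        path = request.path

        # Whitelist: match on the start of the path only. Searching for the
        # string anywhere in the path would also exempt unrelated URLs that
        # merely contain "/login/" or "/admin/" further along.
        if path.startswith(('/login/', '/admin/')):
            return None

        # Authentication: the login view stores the user name in the session.
        if not request.session.get('user'):
            return redirect('login')

        # Authorization: each stored URL is treated as a regular expression
        # that must match the entire path. fullmatch() also covers patterns
        # containing `|`, which `^...$` string wrapping anchors incorrectly.
        # The collapsed listing does not show whether the denial branch was
        # attached to the loop or to the `if`; here every entry is tried
        # before access is refused. A missing list is treated as empty.
        for pattern in request.session.get('permission_list') or []:
            try:
                if re.fullmatch(pattern, path):
                    return None
            except re.error:
                # A malformed stored pattern grants nothing.
                continue

        # Same message as before, now sent with a 403 status instead of 200.
        return HttpResponse('不好意思,权限不够,无权访问', status=403)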