django crm 03

• 今日内容：
  • 　　通过中间件，给视图函数 增加 登陆验证，权限验证功能
  •    给中间件设置白名单，登陆视图函数不需要认证
  •    登陆之后，会把 用户名和权限列表存储在session中
  •    在中间件中完成 认证功能

from django.contrib import admin

from app01 import models
# Register your models here.


# 控制admin中的显示方式
class PermissionAdmin(admin.ModelAdmin):
    list_display = ['pk','title','url']   #告诉admin显示列表的哪些字段
    ordering = ['-pk']  #告诉admin 以什么方式排序

class RoleAdmin(admin.ModelAdmin):
    list_display = ['pk','title']


admin.site.register(models.User)
admin.site.register(models.Role, RoleAdmin)       #告诉admin以上面指定的方式展示列表
admin.site.register(models.Permission,PermissionAdmin)

from django.db import models

# Create your models here.


class User(models.Model):
    name = models.CharField(max_length=32)
    pwd = models.CharField(max_length=32)
    roles = models.ManyToManyField('Role')
    def __str__(self):
        return self.name

class Role(models.Model):
    title = models.CharField(max_length=32)
    permissions = models.ManyToManyField('Permission')
    def __str__(self):
        return self.title

class Permission(models.Model):
    title = models.CharField(max_length=32)
    url = models.CharField(max_length=128)
    def __str__(self):
        return self.title

from django.shortcuts import render,HttpResponse,redirect
from django.views import View
from app01 import models

# Create your views here.
class Login(View):          
    def get(self,request):
        return render(request,'login.html')
    def post(self,request):
        #step 1: 获取用户提交的用户名和密码
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        
        #step 2: 根据用户名和密码取数据库中验证，相当于auth.authentacate
        user_obj = models.User.objects.filter(name=user,pwd=pwd).first()
        if user_obj:
            

            #如果登陆成功， 将 用户名存到 session 中， 将 permission_llist存到session中
            request.session['user'] = user_obj.name
            permission_obj = 
models.Permission.objects.filter(role__user=user_obj)
            print(permission_obj)
            permission_list = [i.url for i in permission_obj]
            request.session['permission_list'] = permission_list
            return redirect(request.path)
        else:
            return render(request,'login.html',{'error':'用户名或密码错误'})



class Record(View):
    def get(self,request):
        return render(request,'record.html')

class AddRecords(View):
    def get(self,request):
        return render(request,'addrecords.html')

class EditRecords(View):
    def get(self,request):
        return render(request,'editrecords.html')

class DeleteRecords(View):
    def get(self,request):
        return render(request,'deletecustomer.html')

class Customer(View):
    def get(self,request):
        return render(request, 'customer.html')
class AddCustomer(View):
    def get(self,request):
        return render(request,'addcustomer.html')
class EditCustomer(View):
    def get(self,request):
        return render(request,'editrecords.html')
class DeleteCustomer(View):
    def get(self,request):
        return render(request,'deletecustomer.html')

        

"""crm03 URL Configuration

The `urlpatterns` list routes URLs to views. For more information please see:
    https://docs.djangoproject.com/en/1.11/topics/http/urls/
Examples:
Function views
    1. Add an import:  from my_app import views
    2. Add a URL to urlpatterns:  url(r'^$', views.home, name='home')
Class-based views
    1. Add an import:  from other_app.views import Home
    2. Add a URL to urlpatterns:  url(r'^$', Home.as_view(), name='home')
Including another URLconf
    1. Import the include() function: from django.conf.urls import url, include
    2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
"""
from django.conf.urls import url
from django.contrib import admin
from app01 import views


urlpatterns = [
    url(r'^admin/', admin.site.urls),

    url(r'^login/', views.Login.as_view(), name='login'),

    url(r'^record/$', views.Record.as_view(), name='record'),
    url(r'^record/add/', views.AddRecords.as_view(), name='addrecord'),
    url(r'^record/edit/', views.EditRecords.as_view(), name='editrecord'),
    url(r'^record/delete/', views.DeleteRecords.as_view(), name='deleterecord'),

    url(r'^customer/$', views.Customer.as_view(), name='customer'),
    url(r'^customer/add/', views.AddCustomer.as_view(), name='addcustomer'),
    url(r'^customer/edit/', views.EditCustomer.as_view(), name='editcustomer'),
    url(r'^customer/delete/', views.DeleteCustomer.as_view(), name='deletecustomer'),
]

from django.utils.deprecation import MiddlewareMixin
import re
from django.shortcuts import HttpResponse,redirect,render

class Md1(MiddlewareMixin):

    def process_request(self,request):

        #白名单放行
        for i in ['/login/','/admin/',]:
            ret = re.search(i,request.path)
            print(ret,i)
            if ret:
                print('判断之后：',ret,i)
                return None

        #登录认证
        user = request.session.get('user')
        if not user:
            return redirect('login')

        #权限认证
        for item in request.session.get('permission_list'):
            print(item)
            reg = f'^{item}$'
            ret = re.search(reg,request.path)
            if ret:
                return
        else:
            return HttpResponse('不好意思，权限不够，无权访问')