最初版本
from django.db import models

# Create your models here.


# Permission table: one URL pattern the RBAC middleware may grant.
class Permission(models.Model):
    nid = models.AutoField(primary_key=True)
    title = models.CharField(max_length=32)
    # A path regex; the middleware on this page wraps it in ^...$ before matching.
    url = models.CharField(max_length=64)

    def __str__(self):
        return self.title


# Role table: a named bundle of permissions.
class Role(models.Model):
    nid = models.AutoField(primary_key=True)
    title = models.CharField(max_length=32)
    permissions = models.ManyToManyField(to="Permission")

    def __str__(self):
        return self.title


# User table: a login identity and the roles it holds.
class UserInfo(models.Model):
    nid = models.AutoField(primary_key=True)
    username = models.CharField(max_length=32)
    # NOTE(review): a plain CharField that login() on this page compares
    # directly with the submitted value, i.e. passwords are kept in clear text.
    password = models.CharField(max_length=32)
    roles = models.ManyToManyField(to="Role")

    def __str__(self):
        return self.username
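class ValidPermission(MiddlewareMixin):
    """Login and URL-permission gate applied to every request.

    Whitelisted paths pass through untouched; any other path needs a
    logged-in session (``user_id``) and a ``permission_list`` entry that
    matches the whole path. Returning None lets the request continue.
    """

    def process_request(self, request):
        """Return None to allow the request, or a response that stops it."""
        # The path the user typed (no query string).
        current_path = request.path_info

        # Whitelist: paths that need no login. Each entry is a regex matched
        # against the WHOLE path. The original used re.search without anchors,
        # so '/login/' also whitelisted any path merely containing '/login/'
        # and '/admin/.*' any path containing '/admin/'.
        white_list = ['/login/', '/reg/', '/admin/.*']
        if any(re.fullmatch(url, current_path) for url in white_list):
            return None

        # Not logged in: send to the login page.
        if not request.session.get("user_id"):
            return redirect("/login/")

        # Permission entries are path regexes (e.g. '/users/change/(\d+)/');
        # fullmatch applies the '^...$' anchoring the original added by hand,
        # without the trailing-newline leniency of '$'.
        permission_list = request.session.get("permission_list", [])
        if any(re.fullmatch(permission, current_path) for permission in permission_list):
            return None

        return HttpResponse("没有权限")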
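def init_permission(user_obj, request):
    """Cache the URL patterns the user may access in the session.

    Args:
        user_obj: the logged-in UserInfo; the distinct permission URLs of all
            its roles are collected.
        request: the current request; ``request.session["permission_list"]``
            is (re)written as a plain list of URL pattern strings.
    """
    # Distinct permission URLs across every role of the user.
    permission = user_obj.roles.all().values("permissions__url").distinct()
    # Flatten the QuerySet of {'permissions__url': ...} rows into a plain list,
    # which is what the session serialiser and the middleware expect.
    permission_list = [item['permissions__url'] for item in permission]
    request.session["permission_list"] = permission_list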
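# Login
def login(request):
    """Authenticate on POST and bind the user to the session.

    GET (or a failed POST) renders ``login.html``; a successful POST stores
    ``user_id`` in the session, caches the user's permissions through
    init_permission and answers "登录成功".
    """
    if request.method == "POST":
        user = request.POST.get("username")
        pwd = request.POST.get("password")
        # NOTE(review): the submitted password is compared with the stored
        # column as-is (UserInfo.password is a plain CharField), so passwords
        # are kept in clear text. Hashing changes the stored format and the
        # model, hence it is flagged here rather than changed in this view.
        user_obj = models.UserInfo.objects.filter(username=user, password=pwd).first()
        if user_obj:
            # Issue a fresh session key before binding it to a user, so a
            # session id handed out before login cannot be reused afterwards.
            request.session.cycle_key()
            # Register the user.
            request.session["user_id"] = user_obj.pk
            # Permission-related extraction.
            init_permission(user_obj, request)
            return HttpResponse("登录成功")
    return render(request, "login.html")


def _current_user(request):
    """Return the UserInfo bound to the session, or None when nobody is logged in."""
    user_id = request.session.get("user_id")
    return models.UserInfo.objects.filter(nid=user_id).first()


# Show user list
def show_user(request):
    """List all users; the login/permission gate is the middleware, not this view."""
    permission_list = request.session.get("permission_list", [])
    user_list = models.UserInfo.objects.all()
    return render(request, "show_user.html", {
        "user_list": user_list,
        "permission_list": permission_list,
        "user_obj": _current_user(request),
    })


# Add user
def add_user(request):
    """Placeholder add-user view (access is checked by the middleware)."""
    return HttpResponse("增加用户")


# Edit user
def change_user(request, id):
    """Placeholder edit-user view for the user with primary key ``id``."""
    return HttpResponse("编辑用户{}".format(id))


# Delete user
def delete_user(request, id):
    """Placeholder delete-user view for the user with primary key ``id``."""
    return HttpResponse("删除用户{}".format(id))


# Show role list
def show_role(request):
    """List all roles together with the logged-in user for the page header."""
    role_list = models.Role.objects.all()
    return render(request, "show_role.html", {
        "role_list": role_list,
        "user_obj": _current_user(request),
    })


# Edit role
def change_role(request, id):
    """Placeholder edit-role view; the debug print of ``id`` is dropped."""
    return HttpResponse("编辑角色")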
{% extends 'base.html' %}
{% block main-page %}
<div class="container">
    <div class="row form-list">
        <div class="col-md-10 col-md-offset-1">
            <div class="panel panel-primary">
                <!-- Default panel contents -->
                <div class="panel-heading">角色列表</div>
                <div class="panel-body">
                    {# NOTE(review): href is empty, so the add-role button has no target yet. #}
                    <a href="" class="btn btn-primary">添加角色</a>
                </div>
                <!-- table start -->
                <table class="table table-bordered table-striped">
                    <thead>
                    <tr>
                        <th>序号</th>
                        <th>职称</th>
                        <th>人员</th>
                        <th>权限</th>
                        <th>操作</th>
                    </tr>
                    </thead>
                    <tbody>
                    {% for role in role_list %}
                        <tr>
                            <th>{{ forloop.counter }}</th>
                            <th>{{ role.title }}</th>
                            <th>
                                {% for user in role.userinfo_set.all %}
                                    {{ user.username}}
                                {% endfor %}
                            </th>
                            <th>
                                {% for permission in role.permissions.all %}
                                    {{ permission.title }}
                                {% endfor %}
                            </th>
                            <th>
                                {% comment %}
                                NOTE(review): 'user' was the inner loop variable above and is no
                                longer bound here, so user.pk presumably renders empty; the links
                                also point at the user routes. This column needs the row's own
                                role.pk and the role edit/delete views — confirm the role URLs in
                                urls.py before changing the hrefs.
                                {% endcomment %}
                                <a href="/users/change/{{ user.pk }}/" class="btn btn-info">编辑</a>
                                <a href="/users/delete/{{ user.pk }}/" class="btn btn-danger">删除</a>
                            </th>
                        </tr>
                    {% endfor %}
                    </tbody>
                </table>
                <!-- table end -->
            </div>
        </div>
    </div>
</div>
{% endblock %}
改良：左侧菜单和按钮根据权限显示，限制权限粒度和 inclusion_tag
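from django.shortcuts import render, HttpResponse, redirect
from rbac import models
from rbac.service.permission import init_permission

# Create your views here.


# PermissionAction class
class PermissionAction:
    """Tell templates which actions the current user holds for this page.

    Wraps ``request.action_list`` (attached by the permission middleware,
    which is not on this page) so templates can write
    ``{% if per_action.add %}``. Each predicate answers whether that action
    name is present in the list.
    """

    def __init__(self, action_list):
        self.action = action_list

    def _granted(self, name):
        """True when *name* is one of the granted actions."""
        return name in self.action

    def list(self):
        return self._granted('list')

    def add(self):
        return self._granted('add')

    def delete(self):
        return self._granted('delete')

    def change(self):
        return self._granted('change')


# Login
def login(request):
    """Authenticate on POST and bind the user to the session.

    GET (or a failed POST) renders ``login.html``; a successful POST stores
    ``user_id`` in the session, caches the user's permissions through
    init_permission and redirects to the user list.
    """
    if request.method == "POST":
        user = request.POST.get("username")
        pwd = request.POST.get("password")
        # NOTE(review): the submitted password is compared with the stored
        # column as-is (UserInfo.password is a plain CharField), so passwords
        # are kept in clear text. Hashing changes the stored format and the
        # model, hence it is flagged here rather than changed in this view.
        user_obj = models.UserInfo.objects.filter(username=user, password=pwd).first()
        if user_obj:
            # Issue a fresh session key before binding it to a user, so a
            # session id handed out before login cannot be reused afterwards.
            request.session.cycle_key()
            # Register the user.
            request.session["user_id"] = user_obj.pk
            # Permission-related extraction.
            init_permission(user_obj, request)
            return redirect('/users/')
    return render(request, "login.html")


# Logout
def logout(request):
    """End the session and return to the login page.

    ``flush()`` drops the stored session data and issues a new session key,
    so the id still in the browser cookie no longer refers to a session;
    ``delete()`` (the original call) only removed the stored data.
    """
    request.session.flush()
    return redirect("/login/")


# Show user list
def show_user(request):
    """List all users; ``per_action`` decides which buttons the template draws.

    The login/permission gate itself is the middleware, not this view.
    """
    per_action = PermissionAction(request.action_list)
    user_list = models.UserInfo.objects.all()
    return render(request, "show_user.html", {
        "user_list": user_list,
        'per_action': per_action,
    })


# Add user
def add_user(request):
    """Placeholder add-user view (access is checked by the middleware)."""
    return HttpResponse("增加用户")


# Delete user
def delete_user(request, id):
    """Placeholder delete-user view for the user with primary key ``id``."""
    return HttpResponse("删除用户{}".format(id))


# Edit user
def change_user(request, id):
    """Placeholder edit-user view for the user with primary key ``id``."""
    return HttpResponse("编辑用户{}".format(id))


# Show role list
def show_role(request):
    """List all roles; ``per_action`` decides which buttons the template draws."""
    role_list = models.Role.objects.all()
    per_action = PermissionAction(request.action_list)
    return render(request, "show_role.html", {
        "role_list": role_list,
        'per_action': per_action,
    })


# Add role
def add_role(request):
    """Placeholder add-role view."""
    return HttpResponse("添加角色")


# Delete role
def delete_role(request, id):
    """Placeholder delete-role view for the role with primary key ``id``."""
    return HttpResponse("删除角色{}".format(id))


# Edit role
def change_role(request, id):
    """Placeholder edit-role view; the debug print of ``id`` is dropped."""
    return HttpResponse("编辑角色{}".format(id))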
from django import template
from rbac import models

register = template.Library()


@register.inclusion_tag('menu.html')
def menu_tag(request):
    """Render menu.html with the session's ``new_permission_list``.

    The list is written at login by init_permission (one url/group_title
    pair per 'list' permission) and is passed through as stored, so it is
    None when the session holds no such entry.
    """
    context = {"new_permission_list": request.session.get('new_permission_list')}
    return context


@register.inclusion_tag('title.html')
def title_tag(request):
    """Render title.html with the UserInfo bound to the session (None if none)."""
    session_user = request.session.get("user_id")
    found = models.UserInfo.objects.filter(nid=session_user).first()
    return {"user_obj": found}
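def init_permission(user_obj, request):
    """Compute the user's permissions and store them in the session.

    Two structures are written:

    * ``permission_dic``: ``{group_id: {'urls': [...], 'actions': [...]}}``
      over all distinct (url, action, group id) rows of the user's roles;
      list order follows the query result.
    * ``new_permission_list``: ``[{'url': ..., 'group_title': ...}]`` for the
      rows whose action is ``'list'`` only; this drives the left-hand menu.

    Args:
        user_obj: the logged-in UserInfo whose roles are read.
        request: the current request; its session is (re)written.
    """
    roles = user_obj.roles.all()

    # Per-group URLs and actions, used by the button-level checks.
    permission = roles.values(
        "permissions__url", "permissions__action", "permissions__groups_id"
    ).distinct()
    permission_dic = {}
    for item in permission:
        # setdefault replaces the original "if gid not in dic" branch;
        # the first row of a group creates its entry.
        entry = permission_dic.setdefault(
            item['permissions__groups_id'], {'urls': [], 'actions': []}
        )
        entry['urls'].append(item['permissions__url'])
        entry['actions'].append(item['permissions__action'])
    request.session["permission_dic"] = permission_dic

    # Menu entries: only the 'list' action of each group gets a menu link.
    new_permission = roles.values(
        "permissions__url", "permissions__action", "permissions__groups__title"
    ).distinct()
    new_permission_list = [
        {'url': item['permissions__url'], 'group_title': item['permissions__groups__title']}
        for item in new_permission
        if item['permissions__action'] == 'list'
    ]
    # The debug print of the list is dropped; it wrote every granted URL to stdout.
    request.session['new_permission_list'] = new_permission_list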
{% extends 'base.html' %}
{% block main-page %}
{% comment %}
NOTE(review): per_action only decides which buttons are drawn. The server-side
permission middleware is what actually allows or refuses these URLs, so a
hidden button is a usability aid, not an access control.
{% endcomment %}
<div class="container">
    <div class="row form-list">
        <div class="col-md-10 col-md-offset-1">
            <div class="panel panel-primary">
                <!-- Default panel contents -->
                <div class="panel-heading">用户列表</div>
                <div class="panel-body">
                    {# Earlier approach: the view passed a raw permission_list and the template matched URLs. #}
                    {# {% if '/users/add/' in permission_list %}#}
                    {# <a href="/users/add/" class="btn btn-primary">添加用户</a>#}
                    {# {% endif %}#}
                    {% if per_action.add %}
                        <a href="/users/add/" class="btn btn-primary">添加用户</a>
                    {% endif %}
                </div>
                <!-- table start -->
                <table class="table table-bordered table-striped">
                    <thead>
                    <tr>
                        <th>序号</th>
                        <th>姓名</th>
                        <th>角色</th>
                        {# The action column exists only when at least one action button can appear. #}
                        {% if per_action.delete or per_action.change %}
                            <th>操作</th>
                        {% endif %}
                    </tr>
                    </thead>
                    <tbody>
                    {% for user in user_list %}
                        <tr>
                            <th>{{ forloop.counter }}</th>
                            <th>{{ user.username }}</th>
                            <th>
                                {% for role in user.roles.all %}
                                    {{ role.title }}
                                {% endfor %}
                            </th>
                            <th>
                                {# {% if '/users/change/(\d+)/' in permission_list %}#}
                                {# <a href="/users/change/{{ user.pk }}/" class="btn btn-info">编辑</a>#}
                                {# {% endif %}#}
                                {##}
                                {# {% if '/users/delete/(\d+)/' in permission_list %}#}
                                {# <a href="/users/delete/{{ user.pk }}/" class="btn btn-danger">删除</a>#}
                                {# {% endif %}#}
                                {% if per_action.change %}
                                    <a href="/users/change/{{ user.pk }}/" class="btn btn-info">编辑</a>
                                {% endif %}
                                {% if per_action.delete %}
                                    <a href="/users/delete/{{ user.pk }}/" class="btn btn-danger">删除</a>
                                {% endif %}
                            </th>
                        </tr>
                    {% endfor %}
                    </tbody>
                </table>
                <!-- table end -->
            </div>
        </div>
    </div>
</div>
{% endblock %}
<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <title>展示用户信息</title>
    <link rel="stylesheet" href="/static/bootstrap/css/bootstrap.min.css">
    <link rel="stylesheet" href="/static/my-styles.css">
</head>
<body>
{# my_tags is the tag library that registers title_tag and menu_tag as inclusion tags; both take the request to read the session. #}
{% load my_tags %}
{# Page header showing the logged-in user (title.html). #}
{% title_tag request %}
<div class="menu">
    {# Left-hand menu built from the session's new_permission_list (menu.html). #}
    {% menu_tag request %}
</div>
<div class="content">
    {% block main-page %}
    {% endblock %}
</div>
<script src="/static/jquery-3.3.1.js"></script>
<script src="/static/bootstrap/js/bootstrap.min.js"></script>
</body>
</html>