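When I started this project I did not think about user permissions. Later I remembered that Java Struts2 uses middleware for interception and filtering, and after some research I found Django can do the same. Here I built a simple login feature: ordinary users can only query, while modify, delete and similar operations require logging in first.
1. First, define a custom middleware class; the key point is to inherit from MiddlewareMixin
2. Add the custom middleware to settings.py; the permission logic can be customized
The middleware code is below. It checks whether the session records a login: if the user is logged in, editing is allowed; otherwise add/del/edit operations are blocked and the request is redirected to the login page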
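from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import redirect


# Custom middleware that intercepts requests and enforces user login
class Row1(MiddlewareMixin):
    def process_request(self, request):
        # Substring match: any path containing "add", "del" or "edit" is treated as protected
        if "add" in request.path or "del" in request.path or "edit" in request.path:
            print("用了管理员操作,开始进行验证")  # "admin operation requested, verifying login"
            if request.session.get("is_login"):
                print(123)  # logged in: return None so the request continues to the view
            else:
                print(456)  # not logged in: redirect to the login page
                return redirect("/login/")
        else:
            print("不用用户验证,直接返回")  # "no login check needed, passing through"

    def process_response(self, request, response):
        print("中间件1返回")  # "middleware 1 returning"
        return response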
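The path rule in the middleware above decides which requests need a login, so its matching behaviour is worth checking. The following added example (not the original author's code; the sample paths and `PUBLIC_PREFIXES` are constructed assumptions) compares the page's substring test with a whole-segment match and a deny-by-default allowlist, in plain Python so it runs without Django:

```python
PROTECTED_WORDS = ("add", "del", "edit")  # the words used by the page's middleware

# Assumption: prefixes anonymous users may reach. "/login/" and
# "/visitChart.html/" appear on the page; "/address/" is hypothetical.
PUBLIC_PREFIXES = ("/login/", "/visitChart.html/", "/address/")


def needs_login_substring(path):
    """The page's rule: a protected word anywhere in the path."""
    return any(word in path for word in PROTECTED_WORDS)


def needs_login_segment(path):
    """Stricter match: a protected word must be a whole path segment."""
    return any(seg in PROTECTED_WORDS for seg in path.split("/"))


def needs_login_default_deny(path):
    """Deny by default: everything outside the public prefixes needs a login."""
    return not path.startswith(PUBLIC_PREFIXES)


# Constructed sample paths (not routes from the original project).
SAMPLE_PATHS = [
    "/host/add/",       # write view named the way the rule expects
    "/address/list/",   # read-only view whose name happens to contain "add"
    "/host/update/5/",  # write view that none of the three words cover
    "/login/",
]


def compare(paths=SAMPLE_PATHS):
    """Return {path: (substring, segment, default_deny)} verdicts."""
    return {p: (needs_login_substring(p), needs_login_segment(p),
                needs_login_default_deny(p)) for p in paths}


if __name__ == "__main__":
    for path, v in compare().items():
        print(f"{path:18} substring={v[0]!s:5} segment={v[1]!s:5} default_deny={v[2]}")
```

Inside `process_request`, any of these functions can replace the `in request.path` condition; only the deny-by-default variant also covers write views added later under new names.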
Add the custom middleware to settings.py, giving the full path down to the class:
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Custom middleware; it reads request.session, so it must come after SessionMiddleware
    'app1.middle.m1.Row1',
]
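The code that saves the login state in the session. I put it in views.py, but you can place it wherever you like:
from django.http import HttpResponse
from django.shortcuts import render, redirect


def login(request):
    if request.method == "GET":
        return render(request, "login.html")
    else:
        username = request.POST.get("username", None)
        pwd = request.POST.get("pwd", None)
        print(username)  # log the username only, never the submitted password
        # Demo only: credentials are hardcoded here
        if username == "raylu" and pwd == "raylu123":
            request.session["is_login"] = True
            request.session["username"] = "raylu"
            # The password is not stored in the session; the middleware only reads is_login
            request.session.set_expiry(0)  # session expires when the browser closes
            return redirect("/visitChart.html/")
        elif username == "cherry" and pwd == "cherry123":
            request.session["is_login"] = True
            request.session["username"] = "cherry"
            request.session.set_expiry(0)  # session expires when the browser closes
            return redirect("/visitChart.html/")
        else:
            # Message: "Wrong username or password! Please contact QS administrator CherryLiu"
            return HttpResponse("用户名或密码错误!请联系QS管理员CherryLiu")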
HTML:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <form action="/login/" method="post">
        {% csrf_token %}
        <p>username:<input type="text" name="username"></p>
        <p>password:<input type="password" name="pwd"></p>
        <p><input type="submit" value="登陆"></p>
    </form>
</body>
</html>