完整代码:
https://github.com/leemamas/rbac.git
1.pycharm创建django项目
2.app下models.py
from django.db import models
# User account; it gains permissions indirectly, through the roles assigned to it.
class User(models.Model):
    name = models.CharField(max_length=32)
    # NOTE(review): pwd is a plain CharField and the login view on this page
    # compares it directly with the submitted value, so passwords are stored
    # unhashed and the default admin form displays them. Real deployments
    # should store a salted hash (django.contrib.auth provides this); a
    # 32-character column is also too short to hold one.
    pwd = models.CharField(max_length=32)
    # Roles held by this user; permissions are reached via Role.permissions.
    roles = models.ManyToManyField(to="Role")

    def __str__(self):
        # Text representation of the row: the user's name.
        return self.name
# Role: a named bundle of permissions that can be assigned to many users.
class Role(models.Model):
    title = models.CharField(max_length=32)
    # Permissions granted to every user holding this role.
    permissions = models.ManyToManyField(to="Permission")

    def __str__(self):
        # Text representation of the row: the role title.
        return self.title
# Permission: one URL pattern that a role is allowed to access.
class Permission(models.Model):
    title = models.CharField(max_length=32)
    # Stored as a regular expression: the permission check on this page wraps
    # it as '^%s$' and matches it against request.path_info.
    url = models.CharField(max_length=32)

    def __str__(self):
        # Text representation of the row: the permission title.
        return self.title
3.manage.py-->Tools-->run manage.py Task
执行2个命令,建表
makemigrations
migrate
4.在app下admin.py下注册
from django.contrib import admin
from .models import *
# Expose the three RBAC tables in the Django admin using the default ModelAdmin.
# NOTE(review): the default form for User shows and edits `pwd` as plain text.
admin.site.register((User, Role, Permission))
5.在步骤3的命令下执行创建超级用户
createsuperuser
6.根项目urls.py
from django.contrib import admin
from django.urls import path,re_path
from rbac.views import *
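# URL table for the demo. Everything except the paths listed in the
# middleware's whiteList goes through the ValidPermission check.
urlpatterns = [
    path('admin/', admin.site.urls),
    path('login/', login),
    path('users/', users),
    path('user/add/', user_add),
    # Regex routes are raw strings (so \d is not an invalid string escape) and
    # are anchored at both ends. An unanchored re_path can match in the middle
    # of a longer path, so a URL that the permission middleware judges by its
    # prefix could still resolve to one of these views.
    re_path(r'^user/edit/(\d+)/$', user_edit),
    re_path(r'^user/delete/(\d+)/$', user_delete),
    path('roles/', roles),
    path('role/add/', role_add),
]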
7.模板templates下创建login.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
</head>
<body>
<h3>Login</h3>
<form action="" method="post">
{% csrf_token %}
user:<input type="text" name="user" id="user">
pwd:<input type="password" name="pwd" id="pwd">
<input type="submit" value="post">{{ msg }}
</form>
</body>
</html>
8.app下的views.py
from django.http import HttpResponse
from django.shortcuts import render
from .models import *
import re
from rbac.service.permission import *
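def login(request):
    """Check the submitted credentials and start an RBAC session.

    On POST the `user` and `pwd` form fields are looked up in the User table.
    A match stores the user's primary key in the session, caches the user's
    permission URLs through initial_session() and returns a success message.
    Any other request, or a failed lookup, renders login.html with `msg`.
    """
    msg = ''
    if request.method == 'POST':
        username = request.POST.get('user')
        password = request.POST.get('pwd')
        # NOTE(review): this compares the submitted password with the stored
        # column value, i.e. passwords are kept in plain text. Switching to
        # hashed storage needs the model, the admin form and this lookup to
        # change together, so it is flagged here rather than changed.
        account = User.objects.filter(name=username, pwd=password).first()
        if account:
            # Rotate the session key on login so a key that existed before
            # authentication never becomes an authenticated session
            # (session fixation).
            request.session.cycle_key()
            request.session['user_id'] = account.pk
            initial_session(request, account)
            return HttpResponse('login success!')
        msg = 'error!'
    # Pass only what the template uses; locals() would also hand the raw
    # password, the request and the user object to the template context.
    return render(request, 'login.html', {'msg': msg})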
def users(request):
    """Placeholder user-list view: always answers with a fixed text body."""
    body = 'user view!'
    return HttpResponse(body)
def user_add(request):
    """Placeholder user-creation view: always answers with a fixed text body."""
    body = 'user add!'
    return HttpResponse(body)
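def user_edit(request,id):
    """Edit view that re-checks the session's permission list itself.

    `id` is the numeric group captured by the URL pattern. The current path is
    compared with every pattern cached in the session under 'permissionsList';
    the edit response is returned only if one of them matches the whole path.
    """
    # .get() so that a session without a permission list is denied instead of
    # raising KeyError (a 500 response).
    granted = request.session.get('permissionsList', [])
    current_path = request.path_info
    # fullmatch() requires the entire path to match. The '^%s$' form lets '$'
    # match before a trailing newline and, for a pattern containing '|',
    # anchors only the outer alternatives. Empty or None entries are skipped.
    allowed = any(
        pattern and re.fullmatch(pattern, current_path)
        for pattern in granted
    )
    if allowed:
        print('have permission!')
        return HttpResponse('user edit!edit:{}'.format(id))
    return HttpResponse('not permission!')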
def user_delete(request,id):
    """Placeholder delete view: prints the captured id and returns fixed text.

    NOTE(review): the stub deletes nothing and has no check of its own, so it
    relies entirely on the ValidPermission middleware. A real delete handler
    should accept POST only so that the CSRF middleware covers it.
    """
    print('delete', id)
    body = 'user delete!'
    return HttpResponse(body)
def roles(request):
    """Placeholder role-list view: always answers with a fixed text body."""
    body = 'roles views!'
    return HttpResponse(body)
def role_add(request):
    """Placeholder role-creation view: always answers with a fixed text body."""
    body = 'role add!'
    return HttpResponse(body)
9.app下,创建包文件夹service(settings.py 和 views.py 中按 rbac.service 引用)
在其中创建rbac.py(中间件ValidPermission)和permission.py(initial_session函数)
from django.utils.deprecation import MiddlewareMixin
import re
from django.shortcuts import HttpResponse,redirect
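class ValidPermission(MiddlewareMixin):
    """Request middleware enforcing login and per-URL permissions.

    Order of checks in process_request:
      1. paths on the whitelist pass through untouched;
      2. a request without 'user_id' in the session is redirected to /login/;
      3. otherwise the path must fully match one of the patterns cached in the
         session under 'permissionsList', or a denial response is returned.

    The permission list is read from the session, so it reflects the roles the
    user had at login time.
    """

    def process_request(self, request):
        """Return None to let the request continue, or a response to stop it."""
        current_path = request.path_info

        # Whitelist. Entries must match the WHOLE path: with a prefix match
        # (re.match) any path that merely begins with '/login/' would skip both
        # checks below, whatever view it finally resolves to.
        whiteList = ['/login/', '/admin/.*']
        if any(re.fullmatch(url, current_path) for url in whiteList):
            return None

        # Login check.
        user_id = request.session.get('user_id')
        if not user_id:
            return redirect('/login/')

        # Permission check. fullmatch() instead of '^%s$': '$' also matches
        # before a trailing newline, and a pattern containing '|' would be
        # anchored only on its outer alternatives. Empty or None entries are
        # skipped rather than treated as patterns.
        permissionsList = request.session.get('permissionsList', [])
        allowed = any(
            permission and re.fullmatch(permission, current_path)
            for permission in permissionsList
        )
        if not allowed:
            # NOTE(review): this denial is sent with the default 200 status;
            # status=403 would let clients and logs tell it from a success.
            return HttpResponse('没有权限!')
        return None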
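def initial_session(request,user):
    """Cache the URL patterns `user` may access in the session.

    Collects the distinct `permissions__url` values reachable through the
    user's roles and stores them as a list under
    request.session['permissionsList'], where the permission check reads them.
    """
    rows = user.roles.all().values('permissions__url').distinct()
    # A role without any permission can contribute a row whose url is None;
    # such entries are dropped so the list only ever holds real patterns.
    request.session['permissionsList'] = [
        row['permissions__url'] for row in rows if row['permissions__url']
    ]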
10.根settings.py,注册中间件
# Middleware stack; the list order is significant.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    # Must come before ValidPermission, which reads request.session.
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Custom RBAC check from this tutorial, listed last so the session is
    # already attached to the request when its process_request runs.
    'rbac.service.rbac.ValidPermission',
]
11.数据库自行添加数据测试!Permission 的 url 字段是正则表达式,会与 request.path_info 做整体匹配,例如 /users/ 或 /user/edit/(\d+)/。
也可以到github下载数据库文件