from django.db import models
class User(models.Model):
name=models.CharField(max_length=32)
pwd=models.CharField(max_length=32)
roles=models.ManyToManyField(to="Role")
def __str__(self): return self.name
class Role(models.Model):
title=models.CharField(max_length=32)
permissions=models.ManyToManyField(to="Permission")
def __str__(self): return self.title
class Permission(models.Model):
title=models.CharField(max_length=32)
url=models.CharField(max_length=32)
action=models.CharField(max_length=32,default="")
group=models.ForeignKey("PermissionGroup",default=1)
def __str__(self):return self.title
class PermissionGroup(models.Model):
title = models.CharField(max_length=32)
def __str__(self): return self.title
中间件
import re
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse,redirect
class ValidPermission(MiddlewareMixin):
def process_request(self,request):
# 当前访问路径
current_path = request.path_info
# 检查是否属于白名单
valid_url_list=["/login/","/reg/","/admin/.*"]
for valid_url in valid_url_list:
ret=re.match(valid_url,current_path)
if ret:
return None
# 校验是否登录
user_id=request.session.get("user_id")
if not user_id:
return redirect("/login/")
# 校验权限
permission_dict=request.session.get("permission_dict")
for item in permission_dict.values():
# 获取当前用户所有权限
urls=item['urls']
for reg in urls:
reg="^%s$"%reg
# 验证url
ret=re.match(reg,current_path)
if ret:
request.actions=item['actions']
return None
return HttpResponse("没有访问权限!")
登录视图
from rbac.service.perssions import *
def login(request):
if request.method=="POST":
user=request.POST.get("user")
pwd=request.POST.get("pwd")
user=User.objects.filter(name=user,pwd=pwd).first()
if user:
# 在session中注册用户ID
request.session["user_id"]=user.pk
# 查询当前登录用户的所有权限,注册到session中
initial_session(user,request)
return redirect("/users/")
return render(request,"login.html")