fromdjango.core.urlresolvers import resolvefromkingadmin.permission_list import permission_dictfromdjango.shortcuts import redirect,render,HttpResponsefromdjango.utils.safestring import mark_safe
def check_permission(*args,**kwargs):
request=args[0]
request_url=resolve(request.path).url_name
match_key=None
args_check=None
kwarg_check=Noneif request.user.is_authenticated() isFalse:return redirect('/login/')for permission_key,val inpermission_dict.items():
print('执行args 权限检查-------------')
per_url=val[0]
per_method=val[1]
per_args=val[2]
per_kwargs=val[3]
per_hook_func=val[4] if len(permission_dict[permission_key]) > 4 elseNoneif request_url ==per_url:if request.method ==per_method:
args_check=Falsefor arg inper_args:
request_func=getattr(request,per_method)if request_func.get(arg,None):
args_check=True
print('存在arg参数')else:
print('不存在指定arg参数')
args_check=Falsebreak
else:
print('未作权限限制,,默认通过')
args_check=True
kwarg_check=Falsefor arg_name,arg_val inper_kwargs.items():
print('执行 kwargs 权限检查-------------')
request_func=getattr(request,per_method)if request_func.get(arg_name) ==str(arg_val):
kwarg_check=Trueelse:
kwarg_check=Falsebreak
else:
kwarg_check=True
print('未作 kwargs 限制,默认通过')
per_func=False
print('执行用户自定义钩子函数')ifper_hook_func:
per_func=per_hook_func(request)else:
per_func=True
per_res=[args_check,kwarg_check,per_func]ifall(per_res):
match_key=permission_key
print('权限匹配结果:',per_res)break
ifall(per_res):
appname,*per_name=match_key.split('_')
per_obj='%s.%s'%(appname,match_key)ifrequest.user.has_perm(per_obj):
print('所有权限检查通过')returnTrueelse:
print('权限检查未通过')returnFalseelse:
print('未匹配到权限')returnFalse
def check_per(func):
def inner(*args,**kwargs):if not check_permission(*args,**kwargs):return HttpResponse(mark_safe('