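Permission management is not only about controlling which paths a user can access. It also has to decide, based on the user's permissions, what is shown on a page when the user visits it. For example, some users can access the home page but do not have the add-user permission, so the add button must not be shown on the home page, while for users who do have the add-user permission the add-user button needs to be displayed there.
- 1. When the list page is visited, check whether the user has the add permission and whether the user has the edit permission.
In the models under rbac, add a Group class, and add a code field and a group foreign key to the permission table.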
from django.db import models


class Group(models.Model):
    """
    Permission group
    """
    caption = models.CharField(verbose_name='組名稱', max_length=16)


class Permission(models.Model):
    """
    Permission table
    """
    title = models.CharField(verbose_name='標題', max_length=32)
    url = models.CharField(verbose_name="含正則URL", max_length=64)
    is_menu = models.BooleanField(verbose_name="是否是菜單")
    code = models.CharField(verbose_name="代碼", max_length=16)
    # Django 2.0+ also requires an on_delete argument on ForeignKey
    group = models.ForeignKey(verbose_name='所屬組', to="Group")

    class Meta:
        verbose_name_plural = "權限表"

    def __str__(self):
        return self.title
2. Make the changes in rbac/service/init_permission.py, in the init_permission class
Structure the data so that it is easier to work with later:
# Target structure: one entry per permission group id
data = {
    1: {
        'codes': ['list', 'add', 'edit', 'del'],
        'urls': [
            r'/userinfo/',
            r'/userinfo/add/',
            r'/userinfo/edit/(\d+)/',
            r'/userinfo/del/(\d+)/',
        ]
    },
    2: {
        'codes': ['list', 'add', 'edit', 'del'],
        'urls': [
            r'/userinfo/',
            r'/userinfo/add/',
            r'/userinfo/edit/(\d+)/',
            r'/userinfo/del/(\d+)/',
        ]
    },
}
# All permissions reachable through the user's roles, without duplicates
permission_list = user.roles.values('permissions__title',
                                    "permissions__code",
                                    'permissions__url',
                                    'permissions__is_menu',
                                    "permissions__group__id",
                                    ).distinct()
# Group the rows by permission group id
result = {}
for item in permission_list:
    groupid = item["permissions__group__id"]
    code = item["permissions__code"]
    url = item["permissions__url"]
    if groupid in result:
        result[groupid]["codes"].append(code)
        result[groupid]["urls"].append(url)
    else:
        result[groupid] = {
            "codes": [code, ],
            "urls": [url, ]
        }
print(result)
# Same settings name that the middleware reads back
request.session[settings.PERMISSION_URL_DICT_KEY] = result
3. Modify the middleware
import re
from django.shortcuts import redirect, HttpResponse
from django.conf import settings


class MiddlewareMixin(object):
    def __init__(self, get_response=None):
        self.get_response = get_response
        super(MiddlewareMixin, self).__init__()

    def __call__(self, request):
        response = None
        if hasattr(self, 'process_request'):
            response = self.process_request(request)
        if not response:
            response = self.get_response(request)
        if hasattr(self, 'process_response'):
            response = self.process_response(request, response)
        return response


class RbacMiddleware(MiddlewareMixin):
    def process_request(self, request):
        # 1. Get the URL of the current request
        #    request.path_info
        # 2. Get the current user's permissions stored in the session
        #    request.session.get("permission_url_list")
        current_url = request.path_info
        # The current request does not need a permission check.
        # re.match anchors only the start, so a VALID_URL entry also
        # matches longer paths unless the entry itself ends with $.
        for url in settings.VALID_URL:
            if re.match(url, current_url):
                return None
        permission_dict = request.session.get(settings.PERMISSION_URL_DICT_KEY)
        if not permission_dict:
            return redirect('/login/')
        flag = False
        for group_id, code_url in permission_dict.items():
            for db_url in code_url['urls']:
                # Anchor both ends so the stored pattern must cover the whole path
                regex = "^{0}$".format(db_url)
                if re.match(regex, current_url):
                    # Expose the matched group's codes to views and templates
                    request.permission_code_list = code_url['codes']
                    flag = True
                    break
            if flag:
                break
        if not flag:
            return HttpResponse('無權訪問')
rbac.py
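4. Work in the views to decide whether the feature buttons are shown on the page:
Method 1: check in the template
{# Test one code per button; use "edit" and "del" the same way #}
{% if "add" in request.permission_code_list %}
<a href="">添加</a>
{% endif %}
Check in the template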
{% if pagepermission.has_add %}
<p><a href="">添加</a></p>
{% endif %}
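The steps above, condensed into a Django-free sketch (an added example, not the post's own code): permission rows are grouped by group id, a request path is checked against the stored URL patterns, and the matched codes drive the `has_add`-style checks used in the last template. The sample rows, the `codes_for` helper and the `PagePermission` class are assumptions made for illustration.

```python
import re

# Constructed rows, shaped like the .values(...) query result in step 2.
ROWS = [
    {"permissions__group__id": 1, "permissions__code": "list",
     "permissions__url": "/userinfo/"},
    {"permissions__group__id": 1, "permissions__code": "edit",
     "permissions__url": r"/userinfo/edit/(\d+)/"},
    {"permissions__group__id": 2, "permissions__code": "list",
     "permissions__url": "/order/"},
]


def build_permission_dict(rows):
    """Group permission rows by group id into {"codes": [...], "urls": [...]}."""
    result = {}
    for row in rows:
        group = result.setdefault(row["permissions__group__id"],
                                  {"codes": [], "urls": []})
        group["codes"].append(row["permissions__code"])
        group["urls"].append(row["permissions__url"])
    return result


def codes_for(permission_dict, path):
    """Return the matching group's codes, or None when the path is not allowed."""
    for group in permission_dict.values():
        for url in group["urls"]:
            # fullmatch requires the whole path to match the stored pattern
            # (the middleware anchors with "^{0}$" for the same purpose).
            if re.fullmatch(url, path):
                return group["codes"]
    return None


class PagePermission:
    """Hypothetical wrapper giving templates has_add / has_edit / has_del."""

    def __init__(self, codes):
        self.codes = set(codes or [])

    def has_add(self):
        return "add" in self.codes

    def has_edit(self):
        return "edit" in self.codes

    def has_del(self):
        return "del" in self.codes


PERMS = build_permission_dict(ROWS)
```

A user whose codes lack `add` does not get the button, and a direct request to `/userinfo/add/` is still refused, because the URL check runs on the server regardless of what the template renders.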