1:用户,角色,权限,菜单表设计
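from django.db import models

# NOTE(review): this listing was flattened onto one line and lost several
# keywords and string literals when the page was extracted. It is restored
# here; every value that had to be inferred is marked below.


class UserMenu(models.Model):
    """Menu entry that permissions can be attached to (see Permission.menu)."""

    title = models.CharField(max_length=32, verbose_name='菜单')
    icon = models.CharField(max_length=32, verbose_name='图标', null=True, blank=True)

    def __str__(self):
        return self.title

    class Meta:
        # NOTE(review): the label text is missing on the page; reconstructed
        # from the section comment ("用户菜单") -- confirm.
        verbose_name = "用户菜单"
        verbose_name_plural = verbose_name


class UserInfo(models.Model):
    """Account record; a user's permissions come from the roles it holds."""

    username = models.CharField(unique=True, max_length=32, verbose_name="用户名")
    # NOTE(review): the page does not show how this value is written. Store
    # only the output of a password hasher (django.contrib.auth.hashers
    # make_password / check_password), never the raw password. Widened from
    # 64 to 128, the length django.contrib.auth uses, because the default
    # hasher's encoded output does not fit in 64 characters.
    password = models.CharField(max_length=128)
    # "Role" is given as a string because the class is defined further down.
    # NOTE(review): the keyword in front of True is lost on the page;
    # blank=True is assumed.
    roles = models.ManyToManyField(to="Role", verbose_name="用户所拥有的角色", blank=True)
    # Admin configuration.
    # NOTE(review): defaults to True, so every newly created account carries
    # the staff flag; confirm that is intended before anything (for example
    # an admin login check) relies on it.
    is_staff = models.BooleanField(default=True)

    def __str__(self):
        return self.username

    class Meta:
        verbose_name = "用户信息"
        verbose_name_plural = verbose_name


class Role(models.Model):
    """Named set of permissions that can be granted to users."""

    name = models.CharField(max_length=32, verbose_name="角色名称")
    # NOTE(review): any further keyword arguments were lost on the page.
    permissions = models.ManyToManyField(to="Permission", verbose_name="角色所拥有的权限")

    def __str__(self):
        return self.name


class Permission(models.Model):
    """One grantable URL pattern, optionally listed under a menu."""

    title = models.CharField(max_length=32, verbose_name="权限名")
    # The permission middleware on this page wraps this value in ^...$ and
    # matches it with re.search, so it is a regular expression, not a literal
    # path. An over-broad pattern grants more than intended; only trusted
    # administrators should be able to edit it.
    url = models.CharField(max_length=32, verbose_name="权限")
    # Null for permissions that are not shown in any menu.
    menu = models.ForeignKey(to="UserMenu", on_delete=models.CASCADE, null=True)
    # NOTE(review): the keyword in front of the empty string is lost on the
    # page; default="" is assumed.
    name = models.CharField(max_length=32, verbose_name="url别名", default="")

    class Meta:
        verbose_name_plural = "权限表"
        # NOTE(review): the singular label is lost on the page; the plural
        # label is reused -- confirm.
        verbose_name = verbose_name_plural

    def __str__(self):
        return self.title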
2:rbac.py
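from dal.models import Role


def initial_sesson(user, request):
    """Store the permissions of the user who just logged in in the session.

    Writes three session keys: ``permission_list`` (URL patterns),
    ``permission_names`` (URL aliases) and ``permission_menu_dict`` (menu
    tree keyed by menu primary key).

    The session holds a snapshot: revoking a role or permission afterwards
    does not affect a session that already exists until this function runs
    again for it or the session is flushed.

    :param user: username of the user who is logging in (matched against
        ``userinfo__username``)
    :param request: current request; only ``request.session`` is used
    :return: the menu dict that was stored under ``permission_menu_dict``
    """
    # One row per (role, permission) pair reachable from the user, reduced to
    # the permission and menu columns and de-duplicated.
    permissions = Role.objects.filter(userinfo__username=user).values(
        "permissions__url",
        "permissions__title",
        "permissions__name",
        "permissions__menu__title",
        "permissions__menu__icon",
        "permissions__menu__pk",
    ).distinct()

    permission_list = []
    permission_names = []
    permission_menu_dict = {}

    for item in permissions:
        url = item["permissions__url"]
        # A role without any permission still produces a row whose permission
        # columns are all None; it grants nothing, so keep it out of the
        # lists that the permission check later reads.
        if url is None:
            continue

        # Build the permission lists.
        permission_list.append(url)
        permission_names.append(item["permissions__name"])

        # Menu permissions: only permissions attached to a menu are listed.
        menu_pk = item["permissions__menu__pk"]
        if menu_pk:
            child = {"title": item["permissions__title"], "url": url}
            if menu_pk not in permission_menu_dict:
                permission_menu_dict[menu_pk] = {
                    "menu_title": item["permissions__menu__title"],
                    "menu_icon": item["permissions__menu__icon"],
                    "children": [child],
                }
            else:
                permission_menu_dict[menu_pk]["children"].append(child)

    # The original printed the permission queryset and the menu dict on every
    # login; that copies each user's authorization data into stdout logs, so
    # the prints are dropped.

    # Store the permission lists in the session.
    request.session["permission_list"] = permission_list
    request.session["permission_names"] = permission_names
    # Store the menu dict in the session.
    request.session["permission_menu_dict"] = permission_menu_dict
    return permission_menu_dict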
3:middlewares.py中间件验证权限文件
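import re

from django.http import JsonResponse
from django.shortcuts import HttpResponse, redirect
from django.utils.deprecation import MiddlewareMixin

# Paths that skip the permission check. The original ran re.search() with the
# bare strings "/user/login" and "/admin/*", which match anywhere in the path
# ("/admin/*" is a regex meaning "/admin" followed by any number of slashes),
# so any URL merely containing one of those substrings skipped the check.
# The patterns are now anchored at the start of the path and end on a segment
# boundary.
_WHITELIST = (
    re.compile(r"^/user/login(/|$)"),
    re.compile(r"^/admin(/|$)"),
)


class PermissionMiddleWare(MiddlewareMixin):
    """Reject requests whose path matches none of the session's permissions."""

    def process_request(self, request):
        """Return None to let the request through, or a JSON denial.

        Must run after SessionMiddleware, because it reads ``request.session``.
        """
        current_path = request.path

        # Whitelisted paths are always let through.
        if any(pattern.match(current_path) for pattern in _WHITELIST):
            return None

        # Check permissions. A session without "permission_list" (nobody has
        # logged in) is treated as having no permissions, so the request is
        # denied explicitly instead of relying on a TypeError being caught by
        # a broad "except Exception".
        permission_list = request.session.get("permission_list") or []
        for pattern in permission_list:
            try:
                # fullmatch() anchors the whole pattern. The original "^%s$"
                # let "$" match before a trailing newline, and a pattern
                # containing "|" lost its anchors on one side.
                if re.fullmatch(pattern, current_path):
                    return None
            except (re.error, TypeError):
                # A malformed or non-string stored pattern grants nothing.
                continue

        # The body is kept as the original sent it (including code 404) for
        # existing front-end code; the HTTP status is now 403 so that clients,
        # proxies and monitoring do not see a denied request as a 200.
        # The per-request print of the session's permission list is dropped.
        message = {"message": "提示:无访问权限", "code": 404}
        return JsonResponse(message, status=403)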
4:中间件配置与登录视图的配置
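# --- settings.py ---
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Permission middleware. It reads request.session, so it has to stay
    # below SessionMiddleware in this list.
    'user.rbac_utils.middlewares.PermissionMiddleWare',
]


# --- login view (excerpt) ---
# The page shows only the permission-related part of the login function; the
# credential check and the token handling are left to the reader. The
# function name and signature below are constructed for this excerpt.
def login(request):
    # ... not shown on the page: credential check (user_obj, username) and
    # token creation (token) ...

    # Issue a fresh session key at login so that a session id obtained before
    # authentication cannot be reused afterwards (session fixation).
    request.session.cycle_key()

    # Save the logged-in user's state.
    request.session["user_id"] = user_obj.pk
    # Store the user's permissions in the session.
    permission_menu_dict = initial_sesson(username, request)

    # Values returned to the front end. The menu dict is for rendering only;
    # enforcement happens in the permission middleware on the server.
    csrf = {}
    # NOTE(review): the key name is lost on the page; placeholder below.
    csrf["<key-lost-on-page>"] = permission_menu_dict
    csrf["token"] = token
    return JsonResponse(csrf)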