完整代码:
https://github.com/leemamas/rbac.git
1.pycharm创建django项目
2.app下models.py
- from django.db import models
-
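# User
class User(models.Model):
    """Application account that is granted permissions through its roles.

    NOTE(security): ``pwd`` is an ordinary ``CharField`` and the login view
    on this page looks it up with the submitted password verbatim, so as
    written the password is kept in clear text. Store the output of
    ``django.contrib.auth.hashers.make_password()`` and verify with
    ``check_password()`` instead of the raw value.
    """

    name = models.CharField(max_length=32)
    # 128 characters (the size Django's own user model uses) so that a
    # password hash fits; 32 only has room for a short clear-text value.
    # Changing the length requires a new makemigrations/migrate run.
    pwd = models.CharField(max_length=128)
    roles = models.ManyToManyField(to="Role")

    def __str__(self):
        return self.name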
-
# Role
class Role(models.Model):
    """Named group of permissions; users receive permissions via roles."""

    title = models.CharField(max_length=32)
    permissions = models.ManyToManyField("Permission")

    def __str__(self):
        # Shown in the admin lists and select widgets.
        return self.title
-
# Permission
class Permission(models.Model):
    """A single grantable permission, identified by a URL pattern.

    ``url`` is not a literal path: the permission middleware on this page
    feeds it to ``re.match`` as a regular expression, so whoever can edit
    this table decides which paths a role may reach.
    """

    title = models.CharField(max_length=32)
    # Regular expression matched against request.path_info.
    url = models.CharField(max_length=32)

    def __str__(self):
        return self.title

3.manage.py-->Tools-->run manage.py Task
执行2个命令,建表
- makemigrations
- migrate
4.在app下admin.py下注册
- from django.contrib import admin
-
- from .models import *
-
# Make the three RBAC tables editable in the Django admin. The admin is
# therefore the place where roles and URL permissions are granted, so admin
# accounts are the real policy owners of this scheme.
admin.site.register((User, Role, Permission))
5.在步骤3的命令下执行创建超级用户
createsuperuser
6.根项目urls.py
-
- from django.contrib import admin
- from django.urls import path,re_path
- from rbac.views import *
-
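# Route table of the demo project.
urlpatterns = [
    path('admin/', admin.site.urls),
    path('login/', login),
    path('users/', users),
    path('user/add/', user_add),
    # Raw strings: '\d' in a normal string literal is an invalid escape
    # sequence. The patterns are anchored with ^...$ because re_path()
    # otherwise searches the path, so a longer or prefixed URL would also be
    # dispatched to these views.
    re_path(r'^user/edit/(\d+)/$', user_edit),
    re_path(r'^user/delete/(\d+)/$', user_delete),
    path('roles/', roles),
    path('role/add/', role_add),
]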
7.模板templates下创建login.html
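<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
</head>
<body>
<h3>Login</h3>
{# The form posts back to the current URL. csrf_token is required because CsrfViewMiddleware is enabled in settings. #}
<form action="" method="post">
    {% csrf_token %}
    <label for="user">user:</label>
    <input type="text" name="user" id="user" autocomplete="username" required>
    <label for="pwd">pwd:</label>
    <input type="password" name="pwd" id="pwd" autocomplete="current-password" required>
    <input type="submit" value="post">
    {# msg holds the error text set by the login view; the template engine auto-escapes it. #}
    {{ msg }}
</form>

</body>
</html>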

8.app下的views.py
- from django.http import HttpResponse
- from django.shortcuts import render
- from .models import *
- import re
- from rbac.service.permission import *
-
-
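def login(request):
    """Check a name/password pair and start an RBAC session.

    GET renders ``login.html``. POST looks the credentials up in ``User``;
    on a hit the user's primary key is stored in the session and
    ``initial_session`` caches the permission URL patterns there, otherwise
    the form is rendered again with an error message in ``msg``.
    """
    msg = ''

    if request.method == 'POST':
        username = request.POST.get('user')
        pwd = request.POST.get('pwd')

        # NOTE(security): the submitted password is compared with the stored
        # column value verbatim, i.e. passwords are kept in clear text. A
        # real deployment should store make_password() output and verify with
        # check_password() from django.contrib.auth.hashers; that needs a
        # wider column and re-hashing of existing rows, so it is not done in
        # this view alone.
        user = User.objects.filter(name=username, pwd=pwd).first()
        if user:
            # Rotate the session key when the session becomes authenticated,
            # so a session id that was known before login is not carried over.
            request.session.cycle_key()
            request.session['user_id'] = user.pk
            initial_session(request, user)
            return HttpResponse('login success!')

        msg = 'error!'

    # Hand the template only what it renders; locals() would also place the
    # raw password in the template context.
    return render(request, 'login.html', {'msg': msg})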
-
-
def users(request):
    """Placeholder user-list view: always answers with a fixed text body.

    No permission check happens here; presumably access is gated by the
    ValidPermission middleware registered in settings.
    """
    body = 'user view!'
    return HttpResponse(body)
-
def user_add(request):
    """Placeholder add-user view: always answers with a fixed text body."""
    body = 'user add!'
    return HttpResponse(body)
-
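def user_edit(request, id):
    """Edit-user stub that checks the session's URL permissions itself.

    Args:
        request: the current HttpRequest; its session is expected to hold
            ``permissionsList``, the regex patterns cached at login.
        id: the numeric id captured from the URL (name kept for the URLconf).

    Returns:
        A 200 text response when one pattern matches ``request.path_info``
        in full, otherwise a 403 response.
    """
    # .get() so that a session without the key (not logged in, expired) is
    # denied instead of raising KeyError and producing a 500.
    patterns = request.session.get('permissionsList', [])
    current_path = request.path_info

    allowed = False
    for pattern in patterns:
        try:
            # fullmatch instead of '^%s$': '$' also matches just before a
            # trailing newline, and wrapping a pattern that contains '|'
            # would anchor only its first and last alternative.
            if re.fullmatch(pattern, current_path):
                allowed = True
                break
        except (re.error, TypeError):
            # A broken or non-string pattern grants nothing.
            continue

    if allowed:
        print('have permission!')
        return HttpResponse('user edit!edit:{}'.format(id))

    # A denial is reported as 403 rather than 200 so clients, logs and
    # monitoring can tell it apart from success.
    return HttpResponse('not permission!', status=403)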
-
def user_delete(request, id):
    """Delete-user stub: prints the captured id and returns a fixed body.

    Nothing is deleted here. NOTE(review): a real implementation should act
    only on POST, because Django's CSRF check does not cover GET requests.
    """
    print('delete', id)
    reply = HttpResponse('user delete!')
    return reply
-
-
def roles(request):
    """Placeholder role-list view: always answers with a fixed text body."""
    body = 'roles views!'
    return HttpResponse(body)
-
-
def role_add(request):
    """Placeholder add-role view: always answers with a fixed text body."""
    body = 'role add!'
    return HttpResponse(body)

9.app下,创建包文件夹
创建rbac.py,permission.py
- from django.utils.deprecation import MiddlewareMixin
- import re
- from django.shortcuts import HttpResponse,redirect
-
-
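class ValidPermission(MiddlewareMixin):
    """Middleware that enforces URL-based RBAC from data kept in the session.

    It reads ``user_id`` and ``permissionsList`` from ``request.session``, so
    it has to be listed after SessionMiddleware. The permission list is the
    copy written at login; role or permission changes made later are only
    seen after the user logs in again.
    """

    def process_request(self, request):
        """Return None to let the request through, or a response to stop it.

        Allow-listed paths pass unchecked, anonymous sessions are redirected
        to the login page, and any other path must match one of the session's
        permission patterns in full or the request is answered with 403.
        """
        current_path = request.path_info

        # Allow-list of paths that skip the RBAC check. fullmatch keeps
        # '/login/' from also covering every path that merely starts with it;
        # '/admin/.*' is left to the admin site's own authentication.
        whiteList = ['/login/', '/admin/.*']
        if any(re.fullmatch(url, current_path) for url in whiteList):
            return None

        # Login check.
        if not request.session.get('user_id'):
            return redirect('/login/')

        permissionsList = request.session.get('permissionsList', [])
        for permission in permissionsList:
            try:
                # fullmatch instead of '^%s$': '$' also matches just before a
                # trailing newline, and wrapping a pattern that contains '|'
                # would anchor only its first and last alternative.
                matched = re.fullmatch(permission, current_path)
            except (re.error, TypeError):
                # A broken or non-string pattern grants nothing.
                continue
            if matched:
                return None

        # Deny with 403 rather than 200 so the refusal is visible to clients,
        # access logs and monitoring.
        return HttpResponse('没有权限!', status=403)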

-
-
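def initial_session(request, user):
    """Cache the user's permission URL patterns in the session.

    Collects the distinct ``permissions__url`` values reachable through the
    user's roles and stores them as ``request.session['permissionsList']``.

    Args:
        request: the current request; only ``request.session`` is written.
        user: object whose ``roles`` relation is queried.
    """
    rows = user.roles.all().values('permissions__url').distinct()

    # A role without any permission yields a row whose value is None (outer
    # join); keeping it would put a non-pattern into the list that the
    # permission check later treats as a regular expression. Empty values
    # are dropped for the same reason.
    request.session['permissionsList'] = [
        row['permissions__url']
        for row in rows
        if row['permissions__url']
    ]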
10.根settings.py,注册中间件
# Middleware stack of the demo project. Order matters for the last entry:
# it reads request.session, so it must come after SessionMiddleware.
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    # Project RBAC check (login + URL permission) for every request.
    "rbac.service.rbac.ValidPermission",
]
11.数据库自行添加数据测试!
也可以到github下载数据库文件