I. Requirements analysis

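RBAC (Role-Based Access Control) associates users with permissions through roles. Put simply, a user holds several roles and a role holds several permissions, which gives the "user-role-permission" authorization model. In this model, both the user-role and the role-permission relationships are many-to-many.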

Here, a permission is an accessible URL written as a regular expression, and roles control which URLs a user may access.

II. Implementation

1. Directory tree

2. Database design

User groups, roles, permissions

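    from django.db import models


    class User(models.Model):
        name = models.CharField(max_length=32)
        # Note: pwd is stored as plain text and login() compares it as plain text.
        # A real deployment should store a hash instead
        # (e.g. django.contrib.auth.hashers.make_password / check_password).
        pwd = models.CharField(max_length=32)
        roles = models.ManyToManyField("Role")

        def __str__(self):
            return self.name


    class Role(models.Model):
        title = models.CharField(max_length=32)
        permissions = models.ManyToManyField("Permission")

        def __str__(self):
            return self.title


    class Permission(models.Model):
        # url is a regular expression; the middleware wraps it in ^...$ before matching.
        url = models.CharField(max_length=32)
        title = models.CharField(max_length=32, default="")
        # on_delete is mandatory from Django 2.0; CASCADE was the implicit default before that.
        p_group = models.ForeignKey("PermissionGroup", default=1, on_delete=models.CASCADE)
        # Action code within the group: "list", "add", "edit" or "del".
        code = models.CharField(max_length=32, default="list")

        def __str__(self):
            return self.title


    class PermissionGroup(models.Model):
        name = models.CharField(max_length=32)

        def __str__(self):
            return self.name

rbac/models.py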

3. Login verification

On login, all of the user's permission information is injected into the session.

rbac/service/initail.py

    def permission_session(user, request):
        # Inject all permissions of the current user into the session.

        # Approach 1: a flat list of permitted URLs.
        # permissions = user.roles.all().values("permissions__url").distinct()
        # permission_list = []
        # for i in permissions:
        #     permission_list.append(i.get("permissions__url"))
        #
        # request.session["permission_list"] = permission_list

        # Approach 2: URLs and action codes grouped by permission group.
        permissions = user.roles.all().values(
            "permissions__url", "permissions__p_group_id", "permissions__code"
        ).distinct()
        # print(permissions)

        permission_dict = {}
        for permission in permissions:
            p_group_id = permission.get("permissions__p_group_id")
            if p_group_id in permission_dict:
                permission_dict[p_group_id]["urls"].append(permission.get("permissions__url"))
                permission_dict[p_group_id]["codes"].append(permission.get("permissions__code"))
            else:
                permission_dict[p_group_id] = {
                    "urls": [permission.get("permissions__url")],
                    "codes": [permission.get("permissions__code")],
                }
        print(permission_dict)
        request.session["permission_dict"] = permission_dict

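4. Permission checks in middleware

Functions:  1. Whitelist check;

     2. Check that the session has been written, i.e. that the user is logged in;

     3. Match the requested URL against the current user's permitted URLs, and write the code information onto the request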

settings.py

    MIDDLEWARE = [
        'django.middleware.security.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
        "rbac.service.rbac.PermissionValid",
    ]

rbac/service/rbac.py

    import re

    from django.utils.deprecation import MiddlewareMixin
    from django.shortcuts import HttpResponse, redirect, render


    class PermissionValid(MiddlewareMixin):

        def process_request(self, request):
            # 1. Whitelist: these URLs need neither a login nor a permission.
            valid_url = ["/login/", "/reg/", "/admin/.*"]
            for url in valid_url:
                url = "^%s$" % url
                ret = re.match(url, request.path_info)
                if ret:
                    return None

            # 2. Check that the session has been written, i.e. the user is logged in.
            if not request.session.get("user_id"):
                return redirect("/login/")

            current_path = request.path_info

            # Approach 1: match against the flat permission_list.
            # permission_list = request.session.get("permission_list")
            #
            # flag = False
            # for permission in permission_list:
            #     permission = "^%s$" % permission
            #     ret = re.match(permission, current_path)
            #     if ret:
            #         flag = True
            #         break
            # if not flag:
            #     return HttpResponse("无权访问")

            # Approach 2: match the requested URL against the permitted URLs
            # and write the group's codes onto the request.
            # An empty dict (no entry in the session) falls through to the denial below.
            permission_dict = request.session.get("permission_dict") or {}
            for item in permission_dict.values():
                urls = item["urls"]
                for permission in urls:
                    permission = "^%s$" % permission
                    ret = re.match(permission, current_path)
                    if ret:
                        print("codes", item.get("codes"))
                        request.codes = item.get("codes")
                        return None

            # Default deny: no permitted URL matched ("无权访问" = "no permission").
            return HttpResponse("无权访问")
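The login-time grouping and the middleware match described above, reduced to plain Python as an added example (not the original post's code). The function names and sample rows are constructed for illustration, and `re.fullmatch` stands in for the post's `"^%s$"` wrapping; it shows the default-deny result for a URL the user holds no permission for, and what dropping the anchoring would allow.

```python
import re

# Constructed sample rows, shaped like the .values(...) query in permission_session().
ROWS = [
    {"permissions__url": "/users/", "permissions__p_group_id": 1, "permissions__code": "list"},
    {"permissions__url": "/users/add/", "permissions__p_group_id": 1, "permissions__code": "add"},
    {"permissions__url": r"/users/(\d+)/change/", "permissions__p_group_id": 1, "permissions__code": "edit"},
    # A role with no permissions attached yields an all-None row from the join.
    {"permissions__url": None, "permissions__p_group_id": None, "permissions__code": None},
]
WHITELIST = ["/login/", "/reg/", "/admin/.*"]  # same whitelist as the middleware


def build_permission_dict(rows):
    """Group URL patterns and action codes by permission group, skipping empty rows."""
    result = {}
    for row in rows:
        url = row["permissions__url"]
        if not url:
            continue
        group = result.setdefault(row["permissions__p_group_id"], {"urls": [], "codes": []})
        group["urls"].append(url)
        group["codes"].append(row["permissions__code"])
    return result


def authorize(path, permission_dict, whitelist=WHITELIST):
    """Return (allowed, codes). Default deny; a pattern must match the whole path."""
    if any(re.fullmatch(p, path) for p in whitelist):
        return True, []
    for group in permission_dict.values():
        if any(re.fullmatch(p, path) for p in group["urls"]):
            return True, group["codes"]
    return False, []


def unanchored_match(path, permission_dict):
    """The same check without anchoring: any pattern that matches a prefix is accepted."""
    return any(re.match(p, path) for g in permission_dict.values() for p in g["urls"])


if __name__ == "__main__":
    perms = build_permission_dict(ROWS)
    for path in ["/users/", "/users/7/change/", "/users/7/delete/", "/login/"]:
        print(path, authorize(path, perms), "unanchored:", unanchored_match(path, perms))
```
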

III. Code

    from django.shortcuts import render, HttpResponse, redirect

    from rbac.models import *
    from rbac.service.initail import permission_session


    class PermissionCode(object):
        # Wraps the action codes the middleware stored on the request, for use in templates.
        def __init__(self, codes):
            self.codes = codes

        def list(self):
            return "list" in self.codes

        def add(self):
            return "add" in self.codes

        def edit(self):
            return "edit" in self.codes

        def delete(self):
            return "del" in self.codes


    def users(request):
        user_list = User.objects.all()
        per = PermissionCode(request.codes)
        return render(request, "users.html", locals())


    def add_users(request):
        return HttpResponse("添加用户")


    def change_users(request, id):
        return HttpResponse("编辑用户")


    def delete_users(request, id):
        return HttpResponse("删除用户")


    def login(request):
        if request.method == "POST":
            user = request.POST.get("user")
            pwd = request.POST.get("pwd")
            # Plain-text comparison against the stored pwd column (see the note in models.py).
            user = User.objects.filter(name=user, pwd=pwd).first()
            if user:
                request.session["user_id"] = user.pk
                # Cache the user's permissions in the session for the middleware.
                permission_session(user, request)
                return HttpResponse("登录成功")
        return render(request, "login.html")

app01/views.py

    from django.contrib import admin

    from .models import *

    admin.site.register(User)
    admin.site.register(Role)


    class PermissionConfig(admin.ModelAdmin):
        # Columns shown in the admin change list for Permission.
        list_display = ["title", "url", "p_group", "code"]


    admin.site.register(Permission, PermissionConfig)
    admin.site.register(PermissionGroup)

rbac/admin.py

    INSTALLED_APPS = [
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.contenttypes',
        'django.contrib.sessions',
        'django.contrib.messages',
        'django.contrib.staticfiles',
        'app01.apps.App01Config',
        "rbac.apps.RbacConfig",
    ]

    MIDDLEWARE = [
        'django.middleware.security.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
        "rbac.service.rbac.PermissionValid",
    ]

settings.py

    from django.conf.urls import url
    from django.contrib import admin

    from app01 import views

    urlpatterns = [
        url(r'^admin/', admin.site.urls),
        url(r'^login/$', views.login),
        url(r'^users/$', views.users),
        url(r'^users/add/$', views.add_users),
        url(r'^users/(\d+)/change/$', views.change_users),
        url(r'^users/(\d+)/delete/$', views.delete_users),
    ]

urls.py

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Title</title>
    </head>
    <body>
    <form action="" method="post">
        {% csrf_token %}
        用户名:<input type="text" name="user">
        密码:<input type="password" name="pwd">
        <input type="submit">
    </form>
    </body>
    </html>

templates/login.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Title</title>
        <!-- Latest Bootstrap core CSS file -->
        <link rel="stylesheet" href="https://cdn.bootcss.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
    </head>
    <body>
    <div class="container">
        <h3>查看用户</h3>
        <div class="col-md-6">
            {% if per.add %}
                <a href="/users/add/" class="btn btn-primary">添加用户</a>
            {% endif %}
            <table class="table table-bordered table-striped col-md-offset-4">
                {% for user in user_list %}
                    <tr>
                        <td>{{ forloop.counter }}</td>
                        <td>{{ user.name }}</td>
                        {% if per.edit %}
                            <td><a href="/users/{{ user.pk }}/change/" class="btn btn-success">编辑</a></td>
                        {% endif %}
                        {% if per.delete %}
                            <td><a href="/users/{{ user.pk }}/delete/" class="btn btn-success">删除</a></td>
                        {% endif %}
                    </tr>
                {% endfor %}
            </table>
        </div>
    </div>
    </body>
    </html>

templates/users.html

Reposted from: https://www.cnblogs.com/smallmars/p/8695125.html
