一 權限管理 初始版
結構
1.創建rbac應用
2.在models中創建對象
models

from django.db import models


class Permission(models.Model):
    """Permission table: one row per URL pattern that can be granted to a role."""

    title = models.CharField(max_length=32, verbose_name='標題')
    # The value is used as a regular expression by the RBAC middleware, so
    # whoever can edit this column decides which paths a role may reach.
    url = models.CharField(max_length=64, verbose_name="含正則URL")
    is_menu = models.BooleanField(verbose_name="是否是菜單")

    class Meta:
        verbose_name_plural = "權限表"

    def __str__(self):
        return self.title


class User(models.Model):
    """User table: login name, password, e-mail and the roles held."""

    username = models.CharField(max_length=32, verbose_name='用戶名')
    # NOTE(review): nothing in this listing shows the password being hashed
    # before it is stored. 64 characters is also shorter than the encoded
    # hashes produced by django.contrib.auth.hashers.make_password (Django's
    # own user model allows 128) - confirm how the login view writes and
    # compares this column.
    password = models.CharField(max_length=64, verbose_name='密碼')
    email = models.CharField(max_length=32, verbose_name='郵箱')
    roles = models.ManyToManyField(to="Role", blank=True, verbose_name='具有的所有角色')

    class Meta:
        verbose_name_plural = "用戶表"

    def __str__(self):
        return self.username


class Role(models.Model):
    """Role table: a named bundle of permissions."""

    title = models.CharField(max_length=32)
    permissions = models.ManyToManyField(to='Permission', blank=True, verbose_name='具有的所有權限')

    class Meta:
        verbose_name_plural = "角色表"

    def __str__(self):
        return self.title
3.基於Django admin錄入權限數據
注意:需要在admin.py中作如下配置(僅在通過admin錄入數據時需要,當然也可以直接在數據庫中添加)
from django.contrib import admin

from . import models

# Expose the three RBAC tables in the Django admin so permission data can be
# entered by hand.
# NOTE(review): with the default ModelAdmin every editable column is shown as a
# plain form field, which includes User.password - confirm that is intended.
for rbac_model in (models.Permission, models.User, models.Role):
    admin.site.register(rbac_model)
4.用戶登錄程序
根據輸入的用戶名和密碼得到相應的user,
根據user對象獲取其擁有的角色和具有的權限並去重,並且將權限表中的url放入session中。將這部分操作的代碼抽取到service包下的init_permission.py
下的init_permission(user,request)方法中,然后在views中調用該方法即可,
- 獲取當前用戶具有的所有權限(去重)
- 獲取權限中的url,放置到session中

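def init_permission(user,request):
    """
    Load the user's permissions and cache their URL patterns in the session.

    :param user: object whose ``roles`` relation leads to the permission rows
    :param request: current request; ``request.session`` is written to
    :return: None
    """
    permission_rows = user.roles.values(
        'permissions__title',
        'permissions__url',
        'permissions__is_menu',
    ).distinct()

    # The list is a snapshot taken when this function runs: the middleware
    # reads only the session copy, so a later change to a role is not seen
    # until this function is called again for the user.
    # The debugging print of the URL list was dropped so the permission set
    # is not written to stdout on every login.
    request.session['permission_url_list'] = [
        row['permissions__url'] for row in permission_rows
    ]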
5.編寫中間件

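import re

from django.shortcuts import redirect,HttpResponse
from django.conf import settings


class MiddlewareMixin(object):
    """Let a class with process_request/process_response hooks be used as callable middleware."""

    def __init__(self, get_response=None):
        self.get_response = get_response
        super(MiddlewareMixin, self).__init__()

    def __call__(self, request):
        response = None
        if hasattr(self, 'process_request'):
            response = self.process_request(request)
        # A falsy result from process_request means "carry on to the view".
        if not response:
            response = self.get_response(request)
        if hasattr(self, 'process_response'):
            response = self.process_response(request, response)
        return response


def _path_matches(pattern, path):
    """Return True when the regular expression *pattern* matches the whole of *path*."""
    # \A(?:...)\Z rather than ^...$: the group keeps a top-level "|" in the
    # pattern inside both anchors, and \Z (unlike $) rejects a trailing newline.
    return re.match(r"\A(?:{0})\Z".format(pattern), path) is not None


class RbacMiddleware(MiddlewareMixin):
    """Allow a request only if its path matches a permission URL stored in the session."""

    def process_request(self,request):
        """
        Check ``request.path_info`` against the allow-list and the session permissions.

        :return: None to let the request through, a redirect to ``/login/`` when
            the session holds no permission list, or a 403 response when no
            stored pattern matches.
        """
        current_url = request.path_info

        # Allow-list: these paths skip both the login check and the permission
        # check, so each entry is matched against the whole path, not a prefix.
        for url in settings.VALID_URL:
            if _path_matches(url, current_url):
                return None

        # No list in the session is treated as "not logged in". A user whose
        # stored list is empty ends up here as well.
        permission_list = request.session.get("permission_url_list")
        if not permission_list:
            return redirect('/login/')

        if any(_path_matches(db_url, current_url) for db_url in permission_list):
            return None

        # Same body as before, but with status 403 so clients, proxies and log
        # monitoring see a denial rather than a 200 page.
        return HttpResponse('無權訪問', status=403)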
a,獲取當前訪問的路徑 request.path_info
b,在setting中配置不需要驗證的url--白名單(不經過權限驗證、人人都可以訪問的url,包括未登錄的請求,如login admin.*)然后調用
# Paths that the RBAC middleware lets through without a login or permission
# check. Each entry is a regular expression applied to request.path_info.
VALID_URL = [
    "/login/",
    # No "/" after "admin": every path that begins with /admin is covered,
    # not only those under /admin/.
    "/admin.*",
]
根據正則判斷當前路徑是否在白名單中,白名單中的路徑要嚴格的控制以什么開頭和以什么結尾,如果是白名單return None 繼續執行后面的代碼
如果不是直接跳轉到登錄
c,不是白名單的話,則判斷是否已經登錄,最簡單的方法就是獲取當前session,看里面的url列表是否為空,如果為空的話說明沒有登錄,直接
跳轉到登錄,不讓他執行后續操作
d,url list不為空的話就說明已經登錄了,進一步看當前的訪問路徑是否在url list中,在的話就說明用戶具有操作該url的權限,否則就說明該用戶沒有
訪問權限,直接return HttpResponse("無權訪問")
注意:中間件創建完成之后,需要在settings中的MIDDLEWARE最后添加'rbac.middlewares.rbac.RbacMiddleware'(它要讀取request.session,所以必須排在SessionMiddleware之后),
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Listed last: the RBAC check reads request.session, which only exists
    # once SessionMiddleware (above) has run.
    'rbac.middlewares.rbac.RbacMiddleware',
]
示例一權限管理 加強
對於權限管理,不單單的只是控制能不能訪問某個路徑,而且還需要根據用戶的權限,當用戶訪問某個頁面時,在頁面上展示什么,比如某些用戶
雖然能訪問首頁,但是他沒有添加用戶的權限,這時就不能將添加按鈕展現在首頁,而對於具有添加用戶權限的用戶則需要將添加用戶的按鈕展示
在首頁上
在訪問列表頁面時,是否需要判斷:有無添加權限,有無刪除權限,有無編輯權限;
1.在rbac下的models中添加Group類,在權限表中添加code字段和外鍵group
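class Group(models.Model):
    """Permission group: the set of actions (list/add/edit/del) on one resource."""

    caption = models.CharField(verbose_name='組名稱',max_length=16)


class Permission(models.Model):
    """Permission table: a URL pattern plus the action code and group it belongs to."""

    title = models.CharField(verbose_name='標題',max_length=32)
    # Used as a regular expression by the RBAC middleware.
    url = models.CharField(verbose_name="含正則URL",max_length=64)
    is_menu = models.BooleanField(verbose_name="是否是菜單")
    # Short action name such as "list", "add", "edit" or "del"; the views and
    # templates on this page test for these values.
    code = models.CharField(verbose_name="代碼",max_length=16)
    # on_delete is mandatory from Django 2.0 on; CASCADE is what older
    # versions applied when the argument was left out.
    group = models.ForeignKey(verbose_name='所屬組',to="Group",on_delete=models.CASCADE)

    class Meta:
        verbose_name_plural = "權限表"

    def __str__(self):
        return self.title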
2.在rbac/service/init_permission.py的init_permission函數中進行修改
結構化數據模型
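# Shape of the value kept in the session: permission-group id -> the action
# codes and URL patterns the user holds in that group. The patterns are
# written as raw strings so the sample is valid Python.
data = {
    1: {
        'codes': ['list', 'add', 'edit', 'del'],
        'urls': [
            r'/userinfo/',
            r'/userinfo/add/',
            r'/userinfo/edit/(\d+)/',
            r'/userinfo/del/(\d+)/',
        ],
    },
    2: {
        'codes': ['list', 'add', 'edit', 'del'],
        'urls': [
            r'/userinfo/',
            r'/userinfo/add/',
            r'/userinfo/edit/(\d+)/',
            r'/userinfo/del/(\d+)/',
        ],
    },
}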
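# Body of init_permission(user, request): group the user's permissions by
# permission-group id and store the result in the session.
permission_list = user.roles.values(
    'permissions__title',
    "permissions__code",
    'permissions__url',
    'permissions__is_menu',
    "permissions__group__id",
).distinct()

result = {}
for item in permission_list:
    bucket = result.setdefault(
        item["permissions__group__id"],
        {"codes": [], "urls": []},
    )
    bucket["codes"].append(item["permissions__code"])
    bucket["urls"].append(item["permissions__url"])

# The RBAC middleware on this page reads settings.PERMISSION_URL_DICT_KEY, so
# the same setting name is used here; the listing wrote the dict under
# PERMISSIONS_URL_DICT_KEY, which the middleware never looks at.
# The debugging print of the permission dict was removed.
request.session[settings.PERMISSION_URL_DICT_KEY] = result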
3.對中間件進行修改

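import re

from django.shortcuts import redirect,HttpResponse
from django.conf import settings


class MiddlewareMixin(object):
    """Let a class with process_request/process_response hooks be used as callable middleware."""

    def __init__(self, get_response=None):
        self.get_response = get_response
        super(MiddlewareMixin, self).__init__()

    def __call__(self, request):
        response = None
        if hasattr(self, 'process_request'):
            response = self.process_request(request)
        # A falsy result from process_request means "carry on to the view".
        if not response:
            response = self.get_response(request)
        if hasattr(self, 'process_response'):
            response = self.process_response(request, response)
        return response


def _path_matches(pattern, path):
    """Return True when the regular expression *pattern* matches the whole of *path*."""
    # \A(?:...)\Z rather than ^...$: the group keeps a top-level "|" in the
    # pattern inside both anchors, and \Z (unlike $) rejects a trailing newline.
    return re.match(r"\A(?:{0})\Z".format(pattern), path) is not None


class RbacMiddleware(MiddlewareMixin):
    """Allow a request only if its path matches a URL in the session's permission dict."""

    def process_request(self,request):
        """
        Check ``request.path_info`` against the allow-list and the grouped permissions.

        On a match, ``request.permission_code_list`` is set to the action codes
        of the matching permission group so views and templates can decide
        which controls to show.

        :return: None to let the request through, a redirect to ``/login/`` when
            the session holds no permission dict, or a 403 response when no
            stored pattern matches.
        """
        current_url = request.path_info

        # Allow-list: these paths skip both the login check and the permission
        # check, so each entry is matched against the whole path, not a prefix.
        for url in settings.VALID_URL:
            if _path_matches(url, current_url):
                return None

        permission_dict = request.session.get(settings.PERMISSION_URL_DICT_KEY)
        if not permission_dict:
            return redirect('/login/')

        for group_id, code_url in permission_dict.items():
            if any(_path_matches(db_url, current_url) for db_url in code_url['urls']):
                # Codes of the first matching group only, as before.
                request.permission_code_list = code_url['codes']
                return None

        # Same body as before, but with status 403 so clients, proxies and log
        # monitoring see a denial rather than a 200 page.
        return HttpResponse('無權訪問', status=403)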
4.對views進行操作,是否頁面上顯示功能按鈕:
方法1:在模板中進行判斷
{# "add/edit/del" is shorthand for one action code: write "add", "edit" or "del". #}
{# As written the test looks for the literal string "add/edit/del" in the list. #}
{# Hiding a link only changes the page; access to the URL itself is decided by the RBAC middleware. #}
{% if "add/edit/del" in request.permission_code_list %}
    <a href="">添加/編輯/刪除</a>
{% endif%}
方法二:
在views中利用面向對象
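class BasePagePermission(object):
    """Tell a template which of the add/edit/delete controls the current user may see."""

    def __init__(self,code_list):
        # Action codes of the permission group that matched the current URL.
        self.code_list = code_list

    def has_add(self):
        """Return True if the "add" code is present, else False."""
        return "add" in self.code_list

    def has_edit(self):
        """Return True if the "edit" code is present, else False."""
        return 'edit' in self.code_list

    def has_del(self):
        """Return True if the "del" code is present, else False."""
        return 'del' in self.code_list


def userinfo(request):
    """Render the user list together with the page-permission helper."""
    # request.permission_code_list is set by the RBAC middleware only when a
    # permission URL matched; fall back to "no codes" so the page shows no
    # controls instead of raising AttributeError.
    page_permission = BasePagePermission(getattr(request, 'permission_code_list', []))
    data_list = [
        {'id':1,'name':'xxx1'},
        {'id':2,'name':'xxx2'},
        {'id':3,'name':'xxx3'},
        {'id':4,'name':'xxx4'},
        {'id':5,'name':'xxx5'},
    ]
    # The templates on this page read the helper as "pagepermission", so it is
    # passed under that name; under 'page_permission' the template variable is
    # undefined and no control is ever rendered.
    # NOTE(review): render is presumably django.shortcuts.render - the import
    # is not part of this listing.
    return render(request,'userinfo.html',{'data_list':data_list,'pagepermission':page_permission})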
5.模板中進行判斷
{# Show the "add" link only to users whose permission codes include "add". #}
{# This controls display only; the URL itself is guarded by the RBAC middleware. #}
{% if pagepermission.has_add %}
    <p><a href="">添加</a></p>
{% endif %}
示例二 菜單展示
1.在models中添加Menu對象(表)以及和Group建立起一對多的對應關系

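from django.db import models


class Menu(models.Model):
    """Menu: a top-level heading under which permission groups are shown."""

    title = models.CharField(max_length=32)


class Group(models.Model):
    """Permission group: the set of actions on one resource, attached to a menu."""

    caption = models.CharField(verbose_name='組名稱',max_length=16)
    # on_delete is mandatory from Django 2.0 on; CASCADE is what older
    # versions applied when the argument was left out.
    menu = models.ForeignKey(verbose_name='所屬菜單',to='Menu',on_delete=models.CASCADE)


class Permission(models.Model):
    """Permission table: a URL pattern plus the action code and group it belongs to."""

    title = models.CharField(verbose_name='標題',max_length=32)
    # Used as a regular expression by the RBAC middleware.
    url = models.CharField(verbose_name="含正則URL",max_length=64)
    is_menu = models.BooleanField(verbose_name="是否是菜單")
    code = models.CharField(verbose_name="代碼",max_length=16)
    group = models.ForeignKey(verbose_name='所屬組',to="Group",on_delete=models.CASCADE)

    class Meta:
        verbose_name_plural = "權限表"

    def __str__(self):
        return self.title


class User(models.Model):
    """User table: login name, password, e-mail and the roles held."""

    username = models.CharField(verbose_name='用戶名',max_length=32)
    # NOTE(review): nothing in this listing shows the password being hashed
    # before it is stored, and 64 characters is shorter than the encoded
    # hashes django.contrib.auth.hashers.make_password produces - confirm how
    # the login view writes and compares this column.
    password = models.CharField(verbose_name='密碼',max_length=64)
    email = models.CharField(verbose_name='郵箱',max_length=32)
    roles = models.ManyToManyField(verbose_name='具有的所有角色',to="Role",blank=True)

    class Meta:
        verbose_name_plural = "用戶表"

    def __str__(self):
        return self.username


class Role(models.Model):
    """Role table: a named bundle of permissions."""

    title = models.CharField(max_length=32)
    permissions = models.ManyToManyField(verbose_name='具有的所有權限',to='Permission',blank=True)

    class Meta:
        verbose_name_plural = "角色表"

    def __str__(self):
        return self.title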
2.- 初始化: 獲取菜單信息+權限信息

from django.conf import settings


def init_permission(user,request):
    """
    Store the user's menu entries and grouped permissions in the session.

    :param user: object whose ``roles`` relation leads to the permission rows
    :param request: current request; ``request.session`` is written to
    :return: None
    """
    permission_rows = user.roles.values(
        'permissions__title',
        'permissions__url',
        'permissions__code',
        'permissions__is_menu',
        'permissions__group_id',
        'permissions__group__menu_id',
        'permissions__group__menu__title',
    ).distinct()

    # Menu data: only permissions flagged as menu entries are kept.
    menu_entries = [
        {
            'menu_id': row['permissions__group__menu_id'],
            'menu_title': row['permissions__group__menu__title'],
            'title': row['permissions__title'],
            'url': row['permissions__url'],
            'active': False,
        }
        for row in permission_rows
        if row['permissions__is_menu']
    ]
    request.session[settings.PERMISSION_MENU_KEY] = menu_entries

    # Permission data: group id -> action codes and URL patterns. This is a
    # snapshot; the middleware reads only the session copy afterwards.
    grouped = {}
    for row in permission_rows:
        bucket = grouped.setdefault(
            row['permissions__group_id'],
            {'codes': [], 'urls': []},
        )
        bucket['codes'].append(row['permissions__code'])
        bucket['urls'].append(row['permissions__url'])
    request.session[settings.PERMISSION_URL_DICT_KEY] = grouped
結構化數據 示例;
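import re

# Stand-alone demonstration of how the flat menu list kept in the session is
# regrouped into menu -> children, marking the entry for the current URL.
menu_list = [
    {'menu_id':1, 'menu_title':'菜單一','title':'用戶列表','url':'/userinfo/','active':False},
    {'menu_id':1, 'menu_title':'菜單一','title':'訂單列表','url':'/order/','active':False},
    {'menu_id':2, 'menu_title':'菜單二','title':'xxx列表','url':'/xxx/','active':False},
    {'menu_id':2, 'menu_title':'菜單二','title':'iii列表','url':'/uuu/','active':False},
]
current_url = "/userinfo/"

res = {}
for tem in menu_list:
    mid = tem["menu_id"]
    url = tem["url"]
    active = bool(re.match(url, current_url))
    # The first child of a menu carries the computed flag like every other
    # child; the listing hard-coded True here, which marked it active on
    # every page.
    child = {"title": tem["title"], "url": url, "active": active}
    if mid in res:
        res[mid]["children"].append(child)
        if active:
            res[mid]["active"] = True
    else:
        res[mid] = {
            "menu_id": mid,
            "menu_title": tem["menu_title"],
            "active": active,
            "children": [child],
        }
print(res)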
結果:
# Shape of the regrouped menu: menu id -> heading plus its child links.
# NOTE(review): with current_url = "/userinfo/" as in the script above, only
# '用戶列表' matches, so '訂單列表', 'iii列表' and menu 2 cannot come out active;
# this dump looks like it was taken from a different run - read it for the
# structure, not for the flag values.
aa = {
    1: {
        'menu_id': 1,
        'menu_title': '菜單一',
        'active': True,
        'children': [
            {'title': '用戶列表', 'url': '/userinfo/', 'active': True},
            {'title': '訂單列表', 'url': '/order/', 'active': True},
        ],
    },
    2: {
        'menu_id': 2,
        'menu_title': '菜單二',
        'active': True,
        'children': [
            {'title': 'xxx列表', 'url': '/xxx/', 'active': True},
            {'title': 'iii列表', 'url': '/uuu/', 'active': True},
        ],
    },
}
3.顯示多級菜單
模板中操作
其中菜單部分由自定義標簽生成
具體展示頁面則用模板繼承:如userinfo
a. base.html
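{# Loads the tag library in rbac/templatetags/rbac.py, which provides menu_html. #}
{% load rbac %}
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <link rel="stylesheet" href="/static/rbac/rbac.css">
</head>
<body>
    {# Left column: the menu built from the permissions stored in the session. #}
    <div style="float: left;width: 20%;height: 900px;background-color: darkgrey">
        {% menu_html request %}
    </div>
    {# Right column: filled in by the page that extends this template. #}
    <div style="float: left;width: 80%">
        {% block content %} {% endblock %}
    </div>
    {# Scripts moved inside <body>; elements after </body> are not valid markup. #}
    <script src="/static/jquery-3.2.1.min.js"></script>
    <script src="/static/rbac/rbac.js"></script>
</body>
</html>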
b. userinfo.html
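{% extends "base.html" %}
{% block content %}
    {# Each control is rendered only when the user holds the matching action code. #}
    {# This affects display only; the target URLs are still checked by the RBAC middleware. #}
    {% if pagepermission.has_add %}
        <p><a href="">添加</a></p>
    {% endif %}
    <table>
        <thead>
            {# Header cells wrapped in a row, and the table closed below, so the markup is well formed. #}
            <tr>
                <th>id</th>
                <th>name</th>
                <th>操作</th>
            </tr>
        </thead>
        <tbody>
        {% for foo in data_list %}
            <tr>
                <td>{{ foo.id }}</td>
                <td>{{ foo.name }}</td>
                <td>
                    {% if pagepermission.has_edit %}
                        <a href="#">編輯</a>
                    {% endif %}
                    {% if pagepermission.has_del %}
                        <a href="#">刪除</a>
                    {% endif %}
                </td>
            </tr>
        {% endfor %}
        </tbody>
    </table>
{% endblock %}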
c.建立自定義標簽
rbac/templatetags/rbac.py

import re

from django.template import Library
from django.conf import settings

register = Library()


@register.inclusion_tag("menuList.html")
def menu_html(request):
    """
    Build the two-level menu for menuList.html from the session's menu list.

    :param request: current request; its session and ``path_info`` are read
    :return: ``{'menu_dict': ...}`` mapping menu id to heading and child links
    """
    # Indexing (not .get) is kept: the tag raises KeyError when the session
    # has no menu list, e.g. on a page rendered before login.
    entries = request.session[settings.PERMISSION_MENU_KEY]
    path = request.path_info

    menus = {}
    for entry in entries:
        # An entry is "active" when its URL pattern matches the current path.
        is_current = bool(re.match("^{0}$".format(entry['url']), path))
        child = {'title': entry['title'], 'url': entry['url'], 'active': is_current}
        group_id = entry['menu_id']
        if group_id not in menus:
            menus[group_id] = {
                'menu_id': group_id,
                'menu_title': entry['menu_title'],
                'active': is_current,
                'children': [child],
            }
            continue
        menus[group_id]['children'].append(child)
        # One active child is enough to keep the whole menu expanded.
        if is_current:
            menus[group_id]['active'] = True
    return {'menu_dict': menus}
d. menuList.html
{# One block per menu; its links stay hidden unless the menu is active. #}
{% for k,item in menu_dict.items %}
    <div class="item">
        <div class="item_title">{{ item.menu_title }}</div>
        <div class="item_permissions{% if not item.active %} hide{% endif %}">
            {% for v in item.children %}
                <a href="#"{% if v.active %} class="active"{% endif %}>{{ v.title }}</a>
            {% endfor %}
        </div>
    </div>
{% endfor %}
e.相關css和js
在rbac建立static/rbac目錄,在其中創建rbac.css和rbac.js

/* Container for the links of one menu. */
.item_permissions {
    padding: 3px 10px;
}

/* One link per line. */
.item_permissions a {
    display: block;
}

/* Link for the page currently shown. */
.item_permissions a.active {
    color: red;
}

/* Collapsed menu; toggled from rbac.js. */
.hide {
    display: none;
}

// Once the document is ready, make each menu title expand or collapse the
// block of links that follows it by toggling the "hide" class.
$(function () {
    var toggleLinks = function () {
        $(this).next().toggleClass("hide");
    };
    $(".item_title").click(toggleLinks);
});
四.菜單展示改進
因為當我們對用戶部分進行增刪改時,用戶列表也應該是展開的,但是按上面的寫法,當我們點擊增加、刪除、編輯按鈕時,用戶菜單會閉合而不是展開
對此我們進行了改進
1.在權限表中增加字段menu_gp,並刪除is_menu字段

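from django.db import models


class Menu(models.Model):
    """Menu table: a top-level heading under which permission groups are shown."""

    title=models.CharField(max_length=32,verbose_name="菜單名稱")


class Group(models.Model):
    """Permission group: the set of actions on one resource, attached to a menu."""

    caption=models.CharField(max_length=32,verbose_name="組名稱")
    # on_delete is mandatory from Django 2.0 on; CASCADE is what older
    # versions applied when the argument was left out.
    menu=models.ForeignKey(verbose_name="所屬菜單",to="Menu",default=1,on_delete=models.CASCADE)


class Permission(models.Model):
    """Permission table: a URL pattern, its action code, its group and its menu entry."""

    title = models.CharField(verbose_name='標題',max_length=32)
    # Used as a regular expression by the RBAC middleware.
    url = models.CharField(verbose_name="含正則URL",max_length=64)
    # is_menu was dropped in this revision. A permission with menu_gp left
    # empty is itself a menu entry; otherwise menu_gp points at the menu entry
    # that should be highlighted while this permission's page is open.
    # CASCADE (the pre-2.0 default) also deletes these rows when the entry
    # they point at is deleted.
    menu_gp=models.ForeignKey(verbose_name="組內菜單",to="Permission",null=True,blank=True,on_delete=models.CASCADE)
    code=models.CharField(max_length=32,verbose_name="代碼",default="list")
    group=models.ForeignKey(verbose_name="s所在權限組",to="Group",default=1,on_delete=models.CASCADE)

    class Meta:
        verbose_name_plural = "權限表"

    def __str__(self):
        return self.title


class User(models.Model):
    """User table: login name, password, e-mail and the roles held."""

    username = models.CharField(verbose_name='用戶名',max_length=32)
    # NOTE(review): nothing in this listing shows the password being hashed
    # before it is stored, and 64 characters is shorter than the encoded
    # hashes django.contrib.auth.hashers.make_password produces - confirm how
    # the login view writes and compares this column.
    password = models.CharField(verbose_name='密碼',max_length=64)
    email = models.CharField(verbose_name='郵箱',max_length=32)
    roles = models.ManyToManyField(verbose_name='具有的所有角色',to="Role",blank=True)

    class Meta:
        verbose_name_plural = "用戶表"

    def __str__(self):
        return self.username


class Role(models.Model):
    """Role table: a named bundle of permissions."""

    title = models.CharField(max_length=32)
    permissions = models.ManyToManyField(verbose_name='具有的所有權限',to='Permission',blank=True)

    class Meta:
        verbose_name_plural = "角色表"

    def __str__(self):
        return self.title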
2.修改初始化中菜單

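from django.conf import settings


def init_permission(user,request):
    """
    Store the user's permission rows (for the menu) and grouped permissions in the session.

    :param user: object whose ``roles`` relation leads to the permission rows
    :param request: current request; ``request.session`` is written to
    :return: None
    """
    permission_list = user.roles.values(
        'permissions__title',
        "permissions__code",
        "permissions__id",
        'permissions__url',
        'permissions__menu_gp_id',
        "permissions__group__id",
        "permissions__group__menu_id",
        "permissions__group__menu__title",
    ).distinct()

    # Menu data: every permission is kept, not only menu entries, so that the
    # template tag can follow menu_gp_id from a sub-page to its menu entry.
    menu_list = [
        {
            "id": item["permissions__id"],
            "title": item["permissions__title"],
            "menu_title": item["permissions__group__menu__title"],
            "url": item["permissions__url"],
            "menu_id": item["permissions__group__menu_id"],
            "menu_gp_id": item["permissions__menu_gp_id"],
        }
        for item in permission_list
    ]
    request.session[settings.PERMISSIONS_MENU_KEY] = menu_list

    # Permission data: group id -> action codes and URL patterns.
    result = {}
    for item in permission_list:
        bucket = result.setdefault(
            item["permissions__group__id"],
            {"codes": [], "urls": []},
        )
        bucket["codes"].append(item["permissions__code"])
        bucket["urls"].append(item["permissions__url"])

    # The RBAC middleware on this page (left unchanged by this section) reads
    # settings.PERMISSION_URL_DICT_KEY, so the dict is stored under that
    # setting; the listing used PERMISSIONS_URL_DICT_KEY, which the middleware
    # never looks at. The debugging print and the commented-out earlier
    # version of the menu code were removed.
    request.session[settings.PERMISSION_URL_DICT_KEY] = result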
3.修改定義標簽

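import re

from django.conf import settings
from django.template import Library

register = Library()


@register.inclusion_tag("menuList.html")
def menu_html(request):
    """
    Build the two-level menu for menuList.html, keeping a menu open on its sub-pages.

    :param request: current request; its session and ``path_info`` are read
    :return: ``{"menu_dict": ...}`` mapping menu id to heading and child links
    """
    # No menu data in the session (e.g. before login) gives an empty menu
    # instead of a TypeError when iterating None.
    menu_list = request.session.get(settings.PERMISSIONS_MENU_KEY) or []
    currenturl = request.path_info

    # Menu entries are the permissions without a menu_gp_id. Each one is
    # copied: setting "active" on the session's own dict would leave the flag
    # in the session and carry the highlight over to later requests whenever
    # the session gets saved.
    # Example: {1: {'id': 1, 'title': '用戶列表', 'url': '/userinfo/',
    #               'menu_gp_id': None, 'menu_id': 1, 'menu_title': '菜單管理',
    #               'active': True}, ...}
    menu_dict = {}
    for item in menu_list:
        if not item["menu_gp_id"]:
            menu_dict[item["id"]] = dict(item, active=False)

    # Mark the entry that owns the current URL: the entry itself, or the one
    # named by menu_gp_id when the current page is an add/edit/delete page.
    for item in menu_list:
        if not re.match("^{0}$".format(item["url"]), currenturl):
            continue
        owner = menu_dict.get(item["menu_gp_id"] or item["id"])
        # The user may hold a sub-page permission without the menu entry it
        # points at; nothing is highlighted then, where the listing raised
        # KeyError.
        if owner is not None:
            owner["active"] = True

    result = {}
    for item in menu_dict.values():
        menu_id = item["menu_id"]
        active = item["active"]
        child = {"title": item["title"], "url": item["url"], "active": active}
        if menu_id in result:
            result[menu_id]["children"].append(child)
            if active:
                result[menu_id]["active"] = True
        else:
            result[menu_id] = {
                "menu_id": menu_id,
                "menu_title": item["menu_title"],
                "active": active,
                "children": [child],
            }
    # Debugging prints and the commented-out earlier implementation were removed.
    return {"menu_dict": result}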
其他不做修改