标签:name mission inf rmi method _id ESS 用户 所有权
rbac:基于角色的权限访问控制(Role-Based Access Control)。
def login(request): if request.method=="GET": return render(request,"login.html") else: user=request.POST.get("user") pwd=request.POST.get("pwd") user=UserInfo.objects.filter(name=user,pwd=pwd).first() if user: # 验证成功之后做什么? request.session["user_id"]=user.pk # 拿到session # 当前登录用户的所有权限, distinct()是去掉重复的权限 permission_info=user.roles.all().values("permissions__url","permissions__title").distinct() temp=[] # url列表 for i in permission_info: temp.append(i["permissions__url"]) request.session["permission_list"]=temp # {"user_id":1,"permission_list":[‘/users/‘,‘/orders/‘]} return HttpResponse("登录成功!") else: return redirect("/login/")
标签:name mission inf rmi method _id ESS 用户 所有权
原文地址:https://www.cnblogs.com/aaronthon/p/9463649.html
