码迷,mamicode.com
首页 > 其他好文 > 详细

四. 访问权限的使用和设计

时间:2019-09-21 12:34:52      阅读:62      评论:0      收藏:0      [点我收藏+]

标签:tin   site   存储   login   哈哈   creat   objects   viwe   rom   

一.访问权限的使用和设计

技术图片                技术图片

model
from
django.db import models # Create your models here. class User(models.Model): name=models.CharField(max_length=32) pwd=models.CharField(max_length=32) roles=models.ManyToManyField(to="Role") def __str__(self): return self.name class Meta: verbose_name_plural = "用户表" class Role(models.Model): title=models.CharField(max_length=32) permissions=models.ManyToManyField(to="Permission") def __str__(self): return self.title class Meta: verbose_name_plural = "角色表" class Permission(models.Model): title=models.CharField(max_length=32) url=models.CharField(max_length=32) class Meta: verbose_name_plural = "权限表" def __str__(self):return self.title

技术图片技术图片

技术图片技术图片技术图片

URL
from django.contrib import admin
from django.urls import path

from  myapp import views
urlpatterns= [
    path(admin/, admin.site.urls),
    path(login/, views.login),
    path(user/, views.users),
    path(role/, views.roles),
    path(user/add/, views.add_user),

]
viwes

from django.shortcuts import render,HttpResponse
# Create your views here.
from  webauth import models

def login(request):
    if request.method == "POST":
        name=request.POST.get("user")
        pwd = request.POST.get("pwd")
        print(name,pwd)
        user_obj=models.User.objects.filter(name=name,pwd=pwd).first()
        if user_obj:
             # 查询登录成的所有用户权限
             # 查询当前登录用户的所有角色
            ret=user_obj.roles.all()
            print(ret)          #  <QuerySet [<Role: ceo>, <Role: 保安部>]>

             ############################### 在session中注册用户ID######################
            bb=request.session["user_id"] = user_obj.pk
            print(bb,"session存储值")

            ret1 = user_obj.roles.values("permissions__url")
            print(ret1,"11111")
             # < QuerySet[ {‘permissions__url‘: ‘user/add/‘}, {‘permissions__url‘: ‘/user/‘}, {‘permissions__url‘: ‘/role/‘}, {‘permissions__url‘: ‘/user/‘}] > 11111

            ret11 = user_obj.roles.all().values("title")
            print(ret11,"22222")       # < QuerySet[{‘title‘: ‘ceo‘}, {‘title‘: ‘保安部‘}] > 22222

            ret12= user_obj.roles.values("title")
            print(ret12,"333333")       # < QuerySet[{‘title‘: ‘ceo‘}, {‘title‘: ‘保安部‘}] > 333333

            ret3 = user_obj.roles.values("permissions__url").distinct()
            print(ret3)
            li_list=[]
            for items in ret3:
                li_list.append(items["permissions__url"])
            print(li_list,"访问权限_________________________")
             # [‘/user/add/‘, ‘/user/‘, ‘/role/‘, ‘/user/dels/(\\d+)/‘, ‘/user/edit/(\\d+)/‘]

            ###############################在session注册权限列表##############################
            aa=request.session["li_list"] = li_list
            print(aa,"权限保存在session中哈哈哈")
             # [‘/user/add/‘, ‘/user/‘, ‘/role/‘, ‘/user/dels/(\\d+)/‘, ‘/user/edit/(\\d+)/‘]

            return HttpResponse("ok")
    return render(request,"01login.html")

# 用户
def users(request):
    user_list=models.User.objects.all()
    return render(request,"users.html",locals())

import re
# 添加
def add_user(request):
    add_list=request.session["li_list"]
    # 在session中获取权限  在做校验
    print(add_list,"#在session中获取权限  在做校验")
    # [‘/user/add/‘, ‘/user/‘, ‘/role/‘, ‘/user/dels/(\\d+)/‘, ‘/user/edit/(\\d+)/‘]

    path_info=request.path_info   # / user / add /
    print(path_info)
    flag=False
    for add_li in  add_list:
        re_li="^%s$"%add_li
        ret=re.match(re_li,path_info)
        if ret:
            flag=True
            break
    if not flag:
        return  HttpResponse("没有访问权限")
    return HttpResponse("add user.....")



# 角色
def roles(request):
    add_list=request.session["li_list"]
    # 在session中获取权限  在做校验
    print(add_list,"#在session中获取权限  在做校验")
    # [‘/user/add/‘, ‘/user/‘, ‘/role/‘, ‘/user/dels/(\\d+)/‘, ‘/user/edit/(\\d+)/‘]
    path_info=request.path_info   # / user / add /
    print(path_info)
    flag=False
    for add_li in  add_list:
        re_li="^%s$"%add_li
        ret=re.match(re_li,path_info)
        if ret:
            flag=True
            break
    if not flag:
        return  HttpResponse("没有访问权限")
    role_list=models.Role.objects.all()
    return render(request,"roles.html",locals())

技术图片

 

四. 访问权限的使用和设计

标签:tin   site   存储   login   哈哈   creat   objects   viwe   rom   

原文地址:https://www.cnblogs.com/lovershowtime/p/11562305.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!