django 权限控制精简版
发布时间:2020-12-20 10:54:33 所属栏目:Python 来源:网络整理
导读:? 视图代码: 视图代码 def index(request): return render(request, ‘ index.html ‘ ) def login(request): if request.method == ‘ POST ‘ : user = request.POST.get( ‘ user ‘ ) pwd = request.POST.get( ‘ pwd ‘ ) user_obj = models.User.objec
|
? 视图代码: 视图代码 def index(request): return render(request,‘index.html‘) def login(request): if request.method == ‘POST‘: user = request.POST.get(‘user‘) pwd = request.POST.get(‘pwd‘) user_obj = models.User.objects.filter(username=user,password=pwd).first() #拿用户对象 if not user_obj: return render(request,‘login.html‘,{‘error‘:"用户名或密码错误"}) #登录成功 #查询权限信息 permissions = user_obj.roles.filter(permissions__url__isnull=False).values("permissions__url").distinct() #保存权限信息 request.session[‘permissions‘] = list(permissions) #保存登录状态 request.session[‘is_login‘] = ‘1‘ return redirect(‘/index/‘) return render(request,‘login.html‘) ? 中间件验证 from django.utils.deprecation import MiddlewareMixin from django.conf import settings from django.shortcuts import HttpResponse,redirect import re class RbacMiddleWare(MiddlewareMixin): def process_request(self,request): url = request.path_info for i in settings.WHITE_LIST: if re.match(i,url): #判断是否是白名单 return #登录状态校验 is_login = request.session.get(‘is_login‘) print(is_login) if is_login != ‘1‘: return redirect(‘/login/‘) #免认证校验 for i in settings.NO_AUTH_LIST: if re.match(i,url): #判断是否是免认证 return #权限校验 permissions = request.session.get(‘permissions‘) print(permissions) for i in permissions: if re.match(r‘^{}$‘.format(i[‘permissions__url‘]),url): return return HttpResponse(‘没有权限,请连线管理员‘) ? ?白名单和面验证设置 settings文件 WHITE_LIST = [ r‘^/login/$‘,r‘^/regist/$‘,r‘^/admin.*/‘ ] NO_AUTH_LIST = [ r‘^/index/$‘,] (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |