热门标签
热门文章
- 1web前端开发——期末大作业网页制作——web网页设计期末课程大作业 HTML+CSS+JS网页设计期末课程大作业 web前端开发技术 web课程设计 网页规划与设计_web前端开发期末大作业
- 2HarmonyOS学习路之开发篇—AI功能开发(词性标注)
- 3spring oauth2 实现用户名密码登录、手机号验证码登录返回token_oauth2手机号登录
- 4史上最全嵌入式(学习路线、应用开发、驱动开发、推荐书籍、软硬件基础)
- 5卷积神经网络(CNN)详解_卷积神经网络详解
- 6Android换肤实现原理_getresourceentryname getidentifier
- 70928CSP-S模拟测试赛后总结
- 8Pytorch的GPU版本安装,在安装anaconda的前提下安装pytorch_如何安装pytorch gpu
- 9如何使用python模块将时间戳转时间日期?_python 时间戳转日期
- 10oauth/authorize 返回403_/authorization 403
当前位置: article > 正文
python笔记(Django 基于中间件的权限管理,权限粒度控制)
作者:我家小花儿 | 2024-02-09 11:46:44
赞
踩
中间件的权限
一、基于中间件的权限管理
-
权限,角色表的创建
class User(models.Model): name=models.CharField(max_length=32) pwd=models.CharField(max_length=32) roles=models.ManyToManyField(to="Role") def __str__(self): return self.name class Role(models.Model): title=models.CharField(max_length=32) permissions=models.ManyToManyField(to="Permission") def __str__(self): return self.title class Permission(models.Model): title=models.CharField(max_length=32) url=models.CharField(max_length=32) def __str__(self):return self.title
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
-
登录成功session数据采集
sever/perssion.py
def initial_session(user,request): permissions = user.roles.all().values("permissions__url").distinct() # .distinct()去重 permission_list = [] for item in permissions: permission_list.append(item["permissions__url"]) print(permission_list) request.session["permission_list"] = permission_list- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
views.py
request.session["user_id"]=user.pk initial_session(user,request)- 1
- 2
-
中间件做权限认证(正则表达式)
import re from django.utils.deprecation import MiddlewareMixin from django.shortcuts import HttpResponse,redirect class ValidPermission(MiddlewareMixin): def process_request(self,request): # 当前访问路径 current_path = request.path_info # 检查是否属于白名单 valid_url_list=["/login/","/reg/","/admin/.*"] for valid_url in valid_url_list: ret=re.match(valid_url,current_path) if ret: return None # 校验是否登录 user_id=request.session.get("user_id") if not user_id: return redirect("/login/") # 校验权限 permission_list = request.session.get("permission_list",[]) # ['/users/', '/users/add', '/users/delete/(\\d+)', 'users/edit/(\\d+)'] flag = False for permission in permission_list: permission = "^%s$" % permission ret = re.match(permission, current_path) if ret: flag = True break if not flag: return HttpResponse("没有访问权限!") return None- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
-
在setting中放入自己的中间件
MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', "rbac.service.rbac.ValidPermission" ]- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
小知识:
1、什么时候该给路径加反斜杠:若没有加杠Django会自己加杠给重定向一次,相当于访问了浏览器两次。去除重定向:APPEND_SLASH = False 在setting.py中配置
二、权限粒度控制
-
更改数据库结构
class Permission(models.Model): title=models.CharField(max_length=32) url=models.CharField(max_length=32) action=models.CharField(max_length=32,default="") group=models.ForeignKey("PermissionGroup",default=1) def __str__(self):return self.title class PermissionGroup(models.Model): title = models.CharField(max_length=32) def __str__(self): return self.title- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
-
登录验证:
permissions = user.roles.all().values("permissions__url","permissions__group_id","permissions__action").distinct()- 1
-
构建permission_dict
原始permission_dict:permissions: [ {'permissions__url': '/users/add/', 'permissions__group_id': 1, 'permissions__action': 'add'}, {'permissions__url': '/roles/', 'permissions__group_id': 2, 'permissions__action': 'list'}, {'permissions__url': '/users/delete/(\\d+)', 'permissions__group_id': 1, 'permissions__action': 'delete'}, {'permissions__url': 'users/edit/(\\d+)', 'permissions__group_id': 1, 'permissions__action': 'edit'} ]- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
经过的数据处理函数:
permission_dict= {} for i in permissions: id = i.get('permissions__group_id') if id not in permission_dict: permission_dict[id] = { 'urls':[i.get('permissions__url'),], 'action':[i.get('permissions__action'),] } else: permission_dict[id].get('urls').append(i.get('permissions__url')) permission_dict[id].get('action').append(i.get('permissions__action'))- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
得到最终的数据:
permission_dict = { 1: { 'urls': ['/users/', '/users/add/', '/users/delete/(\\d+)', 'users/edit/(\\d+)'], 'actions': ['list', 'add', 'delete', 'edit'] }, 2: { 'urls': ['/roles/'], 'actions': ['list'] } }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
-
中间件校验权限:
permission_dict=request.session.get("permission_dict") for item in permission_dict.values(): urls=item['urls'] for reg in urls: reg="^%s$"%reg ret=re.match(reg,current_path) if ret: print("actions",item['actions']) request.actions=item['actions'] return None return HttpResponse("没有访问权限!")- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
-
菜单权限
# 注册菜单权限 permissions = user.roles.all().values("permissions__url","permissions__action","permissions__group__title").distinct() print("permissions",permissions) menu_permission_list=[] for item in permissions: if item["permissions__action"]=="list": menu_permission_list.append((item["permissions__url"],item["permissions__group__title"])) print(menu_permission_list) request.session["menu_permission_list"]=menu_permission_list- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/我家小花儿/article/detail/71756
推荐阅读
相关标签
