Django 权限控制初探
通过 Django 默认的权限管理来管理权限即可,我们在此基础上进行一些第三方扩展。
下面给出一个权限控制的示例。这里在配置 URL 路由时需要为每条路由添加别名(name),权限检查正是根据这个别名来匹配的,我们需要修改的也是这些别名。注意:示例中的 perm_check 对没有设置别名的 URL 会直接放行(默认有权限),因此需要保护的视图必须配置别名。
models.py
class UserProfile(models.Model):
    """Profile row attached one-to-one to a Django ``User``.

    Besides the profile fields, this model declares the custom permission
    codenames that the permission checks on this page refer to.  A check such
    as ``user.has_perm('crm.<codename>')`` only succeeds when ``<codename>``
    is spelled exactly as it is listed in ``Meta.permissions`` below.
    """

    user = models.OneToOneField(User)
    name = models.CharField(max_length=64)
    school = models.ForeignKey('School')

    class Meta:
        # (codename, human-readable description) pairs.
        permissions = (
            # can view the customer list
            ('view_customer_list', u"可以查看客户列表"),
            # can view customer details
            ('view_customer_info', u"可以查看客户详情"),
            # can edit one's own customer records
            ('edit_own_customer_info', u"可以修改自己的客户信息"),
            # can view the teacher list
            ('view_teacher_list', u"可以查看老师列表"),
            # can view the school list
            ('view_school_list', u"可以查看学校列表"),
        )

    def __unicode__(self):
        """Use the profile name as the text representation."""
        return self.name
permissions.py 这边采取的是装饰器的写法
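# -*- coding: utf-8 -*-
# Author: AlexLi
"""URL-name based permission checks for the crm app.

``perm_dic`` maps a permission codename to the URL name and HTTP method it
guards.  ``perm_check`` resolves the current request to its URL name, finds
the matching rule and asks Django whether the user holds ``crm.<codename>``.
``check_permission`` is the view decorator built on top of it.
"""
import functools

try:
    from django.urls import resolve
except ImportError:  # older Django releases keep resolve() here
    from django.core.urlresolvers import resolve
from django.shortcuts import render

# codename -> [url name, HTTP method, request parameters that must be present]
perm_dic = {
    'view_customer_list': ['customer_list', 'GET', []],
    'view_customer_info': ['customer_detail', 'GET', []],
    # Back-end (write) operations.  This label used to be a bare string
    # literal placed directly in front of the next key.  Python joins adjacent
    # string literals, so the label text was glued onto the key and
    # has_perm() was asked about a codename that Meta.permissions never
    # declares.  As a comment it no longer changes the key.
    'edit_own_customer_info': ['customer_detail', 'POST', []],
}


def perm_check(*args, **kwargs):
    """Decide whether the request in ``args[0]`` passes the permission rules.

    The request path is resolved to its URL name, and that name plus the HTTP
    method are looked up in ``perm_dic``.  When a rule lists request
    parameters, every one of them must be present in ``request.GET`` or
    ``request.POST`` (chosen by the rule's method).  The first matching rule
    wins and the result is ``request.user.has_perm('crm.<codename>')``.

    Returns:
        True  - the URL has no name (see the note below), or a rule matched
                and the user holds the permission.
        False - no rule matched, or the user lacks the permission.
    """
    request = args[0]
    current_url_namespace = resolve(request.path_info).url_name
    print("urlnamespace:", current_url_namespace)

    if current_url_namespace is None:
        # NOTE(security): deliberate fail-open kept from the original design.
        # A URL pattern without a name is let through so that routes nobody
        # wrote a rule for are not affected.  The consequence is that a view
        # wrapped in check_permission whose URL pattern has no name is not
        # permission-checked at all: give every protected route a name, or
        # return False here to fail closed.
        return True

    print("findperm...")
    matched_perm_key = None
    for perm_key, perm_val in perm_dic.items():
        if len(perm_val) != 3:
            # Malformed rule: skip it rather than guess its meaning.
            continue
        url_namespace, request_method, request_args = perm_val
        print(url_namespace, current_url_namespace)
        if url_namespace != current_url_namespace:
            continue
        if request.method != request_method:
            continue

        if not request_args:
            # No parameter constraints: URL name and method are enough.
            matched_perm_key = perm_key
            print('mtched...')
            break

        # request.GET / request.POST, selected by the rule's method name.
        request_data = getattr(request, request_method)
        all_args_present = True
        for request_arg in request_args:
            if request_data.get(request_arg) is None:
                all_args_present = False
                print("requestarg[%s]notmatched" % request_arg)
                break
        if all_args_present:
            print("--passedpermissioncheck--")
            matched_perm_key = perm_key
            break

    if matched_perm_key is None:
        # A named URL with no matching rule is denied.
        print("\033[41;1m-----nomatchedpermission----\033[0m")
        return False

    perm_str = "crm.%s" % (matched_perm_key)  # e.g. crm.view_customer_list
    if request.user.has_perm(perm_str):
        print("\033[42;1m--------passedpermissioncheck----\033[0m")
        return True

    print("\033[41;1m-----nopermission----\033[0m")
    print(request.user, perm_str)
    return False


def check_permission(func):
    """View decorator that runs ``perm_check`` before calling ``func``.

    When the check does not return exactly True, the ``crm/403.html`` template
    is rendered instead of the view.  The response now carries HTTP status 403
    so that clients, proxies and log analysis see a denial rather than a
    normal 200 page.
    """
    @functools.wraps(func)  # keep the view's name and docstring intact
    def wrapper(*args, **kwargs):
        print('---startcheckperm---')
        if perm_check(*args, **kwargs) is not True:
            return render(args[0], 'crm/403.html', status=403)
        return func(*args, **kwargs)
    return wrapper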
views.py
# The front-end template also shows or hides items according to permissions.
# Decorators apply bottom-up, so login_required runs first and
# check_permission only sees requests that already passed the login check.
@login_required
@check_permission
def teachers(req):
    """Render the teacher list page with every UserProfile row."""
    context = {'teachers_list': models.UserProfile.objects.all()}
    return render(req, 'crm/teachers.html', context)
◆ 权限验证(1)
views 中验证
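# Check inside the view.  The codename has to match Meta.permissions exactly:
# the model on this page declares 'view_teacher_list', so a check against
# 'crm.view_teachers_list' would never succeed for an ordinary user.
# The denial is sent with status 403 instead of the default 200.
if not request.user.has_perm('crm.view_teacher_list'):
    return HttpResponse('Forbidden', status=403)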
◆ 权限验证(2)
Template 中的权限检查
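{# Display-only check: it hides the markup but does not protect the view, which must enforce the permission itself. #}
{# The codename must match Meta.permissions (view_teacher_list). #}
{% if perms.crm.view_teacher_list %}有权限{% endif %}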
前端权限判断截图如下: