Django web框架之权限管理二

def login(request): ???if request.method=="GET": ???????return render(request,‘login.html‘) ???else: ???????username=request.POST.get(‘user‘) ???????password=request.POST.get(‘pwd‘) ???????user=models.User.objects.filter(username=username,password=password).first() ???????if user: ???????????init_permission(user,request) ???????????return redirect(‘/index/‘) ???????else: ???????????return redirect(‘/login/‘)

from django.conf import settingsdef init_permission(user,request):
　　# 取数据 ???permission_list = user.roles.values( ???????‘permission__id‘, ???????‘permission__title‘, ???????‘permission__url‘, ???????‘permission__code‘, ???????‘permission__menu_group‘, ???????‘permission__group_id‘, ???????‘permission__group__caption‘, ???????‘permission__group__menu_id‘, ???????‘permission__group__menu__title‘, ???).distinct() ???current_url = request.path_info ???# 过滤权限相关的 ???result = {} ???# 用户所有的操作代码和可访问的url地址——权限相关 ???for item in permission_list: ???????group_id=item[‘permission__group_id‘] ???????code = item[‘permission__code‘] ???????url=item[‘permission__url‘] ???????if group_id in result: ???????????result[group_id][‘codes‘].append(code) ???????????result[group_id][‘urls‘].append(url) ???????else: ???????????result[group_id]={ ???????????????‘codes‘:[code,], ???????????????‘urls‘:[url,], ???????????}　　 # Session中添加字典 ???request.session[settings.PERMISSION_URL_DICT_KEY] = result ???# 过滤菜单相关的 ???menu_list = [] ???for item in permission_list: ???????msg = { ???????????‘id‘: item[‘permission__id‘], ???????????‘title‘: item[‘permission__title‘], ???????????‘url‘: item[‘permission__url‘], ???????????‘menu_gp_id‘: item[‘permission__menu_group‘], ???????????‘menu_id‘: item[‘permission__group__menu_id‘], ???????????‘menu_title‘: item[‘permission__group__menu__title‘], ???????} ???????menu_list.append(msg)　　 # Session中添加字典　 ???request.session[settings.PERMISSION_MENU_KEY]=menu_list

PERMISSION_URL_DICT_KEY=‘permission_url_dict‘ ??# 权限url数据PERMISSION_MENU_KEY=‘permission_menu_dict‘ ?????# 菜单字典数据

import refrom django.conf import settingsfrom django.shortcuts import redirect,render,HttpResponseclass MiddlewareMixin(object): ???def __init__(self, get_response=None): ???????self.get_response = get_response ???????super(MiddlewareMixin, self).__init__() ???def __call__(self, request): ???????response = None ???????if hasattr(self, ‘process_request‘): ???????????response = self.process_request(request) ???????if not response: ???????????response = self.get_response(request) ???????if hasattr(self, ‘process_response‘): ???????????response = self.process_response(request, response) ???????return response# 继承父类MiddlewareMixin方法class RbacMiddleware(MiddlewareMixin): ???def process_request(self,request): ???????current_url=request.path_info ?# 取到用户方法的路径信息：譬如 /index/,/userinfo/　　　　　# 判断用户访问的路径是否在白名单中 ???????for url in settings.VALID_URL: ???????????regax="^{0}$".format(url)
　　　　　　　# 如果匹配成功停止匹配，None继续往后面执行其他中间件，如果没有则直接到url路由规则中匹配,(/index/ ,views.index） ???????????if re.match(regax,current_url): ???????????????return None　　　　 # 从Session中取到权限数据，用户权限下的路径 ???????permission_dict=request.session.get(settings.PERMISSION_URL_DICT_KEY)
　　　　 # 如果没有则跳转到登录路径 ???????if not permission_dict: ???????????return redirect(‘/login/‘) ???????flag=False ???????for group_id,code_url_dic in permission_dict.items(): ???????????for db_url in code_url_dic[‘urls‘]: ???????????????regax="^{0}$".format(db_url)
　　　　　　　　　 # 匹配当前用户权限的路径是哪一个路径 ???????????????if re.match(regax,current_url):
　　　　　　　　　　　　# 给request中添加一个字典，values对应用户访问的权限下的codes代码：譬如 add ?list edit ???????????????????request.permission_code_list=code_url_dic[‘codes‘] ???????????????????flag=True ???????????????????break ???????????if flag: ???????????????break ???????if not flag: ???????????return HttpResponse(‘无权访问‘)

# 白名单VALID_URL=[ ???‘/login/‘, ???‘/logoff/‘, ???‘/index/‘, ???‘/test/‘, ???‘/admin.*‘,]# 加入中间件列表中MIDDLEWARE = [ ???‘django.middleware.security.SecurityMiddleware‘, ???‘django.contrib.sessions.middleware.SessionMiddleware‘, ???‘django.middleware.common.CommonMiddleware‘, ???‘django.middleware.csrf.CsrfViewMiddleware‘, ???‘django.contrib.auth.middleware.AuthenticationMiddleware‘, ???‘django.contrib.messages.middleware.MessageMiddleware‘, ???‘django.middleware.clickjacking.XFrameOptionsMiddleware‘, ???‘rbac.middleware.rbac.RbacMiddleware‘,]

import refrom django.conf import settingsfrom django.template import Libraryregister = Library()# 引用html文件tag.html@register.inclusion_tag(‘tag.html‘)def menu_html(request): ???# 通过request取到定制session中的菜单数据 ???permission_menu = request.session[settings.PERMISSION_MENU_KEY] ???current_url = request.path_info ???menu_dict = {} ???for item in permission_menu: ??????# 判断组内菜单是否在menu_dict中 ???????if not item[‘menu_gp_id‘]: ???????????menu_dict[item[‘menu_id‘]] = item ???for item in permission_menu: ???????regax = "^{0}$".format(item[‘url‘]) ??????# 匹配用户访问的路径是menu_dict中哪一个，给访问的路径添加一条actvie活动匹配 ???????if re.match(regax, current_url): ???????????menu_gp_id = item[‘menu_id‘] ???????????if menu_gp_id: ??????????????# 菜单组添加active ???????????????menu_dict[menu_gp_id][‘active‘] = True ???????????else: ???????????????# 组内菜单列表添加 ???????????????menu_dict[item[‘id‘]][‘active‘] = True ???result = {} ???for item in menu_dict.values(): ???????active = item.get(‘active‘) ???????menu_id = item[‘menu_id‘] ???????if menu_id in result: ???????????result[menu_id][‘children‘].append({‘title‘: item[‘title‘], ‘url‘: item[‘url‘], ‘active‘: active}) ???????????if active: ???????????????result[menu_id][‘active‘] = True ???????else: ???????????result[menu_id] = { ???????????????‘menu_id‘: item[‘menu_id‘], ???????????????‘menu_title‘: item[‘menu_title‘], ???????????????‘active‘: active, ???????????????‘children‘: [ ???????????????????{‘title‘: item[‘title‘], ‘url‘: item[‘url‘], ‘active‘: active} ???????????????] ???????????} ???return {‘menu_dict‘: result} ???