Django权限控制初探-创新互联
通过django默认的权限管理来管理权限即可,我们在基础上进行一些第三方扩展
成都创新互联10年专注成都高端网站建设定制网站设计服务,为客户提供专业的成都网站制作,成都网页设计,成都网站设计服务;成都创新互联服务内容包含成都网站建设,小程序开发,软件开发,网络营销推广,网络运营服务及企业形象设计;成都创新互联拥有众多专业的高端网站制作开发团队,资深的高端网页设计团队及经验丰富的架构师高端网站策划团队;我们始终坚持从客户的角度出发,为客户量身订造网络营销方案,解决网络营销疑问。下面给出一个权限控制的示例,这里url路径转发的时候需要添加默认的 别名,我们需要修改的也是这些别名
models.py
class UserProfile(models.Model): user = models.OneToOneField(User) name = models.CharField(max_length=64) school = models.ForeignKey('School') def __unicode__(self): return self.name class Meta: permissions =(('view_customer_list', u"可以查看客户列表"), ('view_customer_info',u"可以查看客户详情"), ('edit_own_customer_info',u"可以修改自己的客户信息"), ('view_teacher_list',u"可以查看老师列表"), ('view_school_list',u"可以查看学校列表"), )
permissions.py 这边采取的是装饰的写法
# -*- coding:utf-8 -*- # Author:Alex Li from django.core.urlresolvers import resolve from django.shortcuts import render perm_dic = { 'view_customer_list': ['customer_list','GET',[]], 'view_customer_info': ['customer_detail','GET',[]], '''''' '''后端参数''' 'edit_own_customer_info': ['customer_detail','POST',[]], } def perm_check(*args,**kwargs): request = args[0] url_resovle_obj = resolve(request.path_info) current_url_namespace = url_resovle_obj.url_name #app_name = url_resovle_obj.app_name #use this name later print("url namespace:",current_url_namespace) matched_flag = False # find matched perm item matched_perm_key = None if current_url_namespace is not None:#if didn't set the url namespace, permission doesn't work print("find perm...") for perm_key in perm_dic: perm_val = perm_dic[perm_key] if len(perm_val) == 3:#otherwise invalid perm data format url_namespace,request_method,request_args = perm_val print(url_namespace,current_url_namespace) if url_namespace == current_url_namespace: #matched the url if request.method == request_method:#matched request method if not request_args:#if empty , pass matched_flag = True matched_perm_key = perm_key print('mtched...') break #no need looking for other perms else: for request_arg in request_args: #might has many args request_method_func = getattr(request,request_method) #get or post mostly #print("----->>>",request_method_func.get(request_arg)) if request_method_func.get(request_arg) is not None: matched_flag = True # the arg in set in perm item must be provided in request data else: matched_flag = False print("request arg [%s] not matched" % request_arg) break #no need go further if matched_flag == True: # means passed permission check ,no need check others print("--passed permission check--") matched_perm_key = perm_key break else:#permission doesn't work '''这边如果 没有定义url别名的话,那么为了避免影响全局,就让它默认就有权限''' return True if matched_flag == True: #pass permission check perm_str = "crm.%s" %(matched_perm_key) #crm.view_customer_list if request.user.has_perm(perm_str): print("\033[42;1m--------passed permission check----\033[0m") return True else: print("\033[41;1m ----- no permission ----\033[0m") print(request.user,perm_str) return False else: print("\033[41;1m ----- no matched permission ----\033[0m") '''所有的为空的情况,也没有放过''' return False def check_permission(func): def wrapper(*args,**kwargs): print('---start check perm---') if perm_check(*args,**kwargs) is not True:#no permisssion return render(args[0],'crm/403.html') return func(*args,**kwargs) return wrapper
views.py
'''这块也在前端做了下权限划分的显示,成功了''' @login_required @check_permission def teachers(req): teachers_list=models.UserProfile.objects.all() return render(req,'crm/teachers.html',{'teachers_list':teachers_list})
◆ 权限验证(1)
views 中验证
if not request.user.has_perm('crm.view_teachers_list') return HttpResponse('Forbidden')
◆ 权限验证(2)
Template 中的权限检查
{% if perms.crm.view_teachers_list %} 有权限 {% endif %}
前端权限判断截图如下:
创新互联www.cdcxhl.cn,专业提供香港、美国云服务器,动态BGP最优骨干路由自动选择,持续稳定高效的网络助力业务部署。公司持有工信部办法的idc、isp许可证, 机房独有T级流量清洗系统配攻击溯源,准确进行流量调度,确保服务器高可用性。佳节活动现已开启,新人活动云服务器买多久送多久。
网页名称:Django权限控制初探-创新互联
分享网址:http://ybzwz.com/article/dghoje.html