通过 Django 默认的权限管理来管理权限即可,我们在此基础上进行一些第三方扩展。
下面给出一个权限控制的示例。注意:配置 URL 路由转发时需要为路由添加别名(name),我们需要修改的也正是这些别名。
models.py
class UserProfile(models.Model):
    """Profile record linked one-to-one to an auth ``User``.

    The ``Meta.permissions`` tuple declares the custom permission codenames
    used by the access checks on this page; ``perm_check`` looks them up as
    ``"crm.<codename>"`` through ``request.user.has_perm``.
    """

    # Account this profile belongs to.
    user = models.OneToOneField(User)
    # Display name, also returned by __unicode__.
    name = models.CharField(max_length=64)
    # Referenced by name; the 'School' model is not shown on this page.
    school = models.ForeignKey('School')

    def __unicode__(self):
        """Return the profile's display name."""
        return self.name

    class Meta:
        # (codename, human-readable description) pairs.  The codename is the
        # part that has to match exactly wherever a permission is checked.
        permissions = (
            ('view_customer_list', u"可以查看客户列表"),
            ('view_customer_info', u"可以查看客户详情"),
            ('edit_own_customer_info', u"可以修改自己的客户信息"),
            ('view_teacher_list', u"可以查看老师列表"),
            ('view_school_list', u"可以查看学校列表"),
        )
permissions.py 这边采取的是装饰器的写法
# -*- coding:utf-8 -*-
# Author:Alex Li
import functools

from django.core.urlresolvers import resolve
from django.shortcuts import render
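# Maps a permission codename (as declared in UserProfile.Meta.permissions) to
# the request it guards: [URL name, HTTP method, required request-arg names].
# perm_check denies any named URL that has no matching entry here.
perm_dic = {
    'view_customer_list': ['customer_list', 'GET', []],
    'view_customer_info': ['customer_detail', 'GET', []],
    # Backend parameters.
    # This note used to be written as bare string literals placed directly in
    # front of the next key.  Adjacent string literals are concatenated, so the
    # note was merged into the key and 'edit_own_customer_info' never existed
    # as a key; the has_perm lookup then used a codename nobody holds.
    'edit_own_customer_info': ['customer_detail', 'POST', []],
}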
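def perm_check(*args, **kwargs):
    """Decide whether the current request may reach the wrapped view.

    The request's URL name and HTTP method are matched against ``perm_dic``.
    The first matching entry names the permission codename, which is then
    checked as ``"crm.<codename>"`` with ``request.user.has_perm``.

    Args:
        *args: Positional arguments of the view; ``args[0]`` must be the
            request object.
        **kwargs: Keyword arguments of the view (not used here).

    Returns:
        True when the request is allowed, False when it is denied.
    """
    request = args[0]
    current_url_namespace = resolve(request.path_info).url_name
    # app_name = resolve(request.path_info).app_name  # use this name later
    print("url namespace:", current_url_namespace)

    if current_url_namespace is None:
        # If no URL name is defined, access is granted by default so that the
        # check does not affect unrelated routes.
        # NOTE(review): this is a fail-open default.  A route that is wrapped
        # by check_permission but has no name is served to every caller, so
        # every protected route needs a name and a perm_dic entry; consider
        # returning False here once all routes are named.
        return True

    print("find perm...")
    matched_perm_key = None
    for perm_key, perm_val in perm_dic.items():
        if len(perm_val) != 3:
            # Invalid perm data format: skip the entry.
            continue
        url_namespace, request_method, request_args = perm_val
        print(url_namespace, current_url_namespace)
        if url_namespace != current_url_namespace:
            continue
        if request.method != request_method:
            continue

        if not request_args:
            # No required arguments: URL name and method are enough.
            print('mtched...')
            matched_perm_key = perm_key
            break

        # request.GET / request.POST mostly.  A method with no such attribute
        # on the request used to raise AttributeError here; it now counts as
        # "not matched", which ends in a denial rather than a server error.
        request_data = getattr(request, request_method, None)
        if request_data is None:
            print("request data [%s] not available" % request_method)
            continue

        # Every argument named in the perm entry must be present in the request.
        missing_arg = next(
            (arg for arg in request_args if request_data.get(arg) is None),
            None,
        )
        if missing_arg is not None:
            print("request arg [%s] not matched" % missing_arg)
            continue

        print("--passed permission check--")
        matched_perm_key = perm_key
        break
    else:
        # Nothing in perm_dic matched this URL name and method: deny.  Routes
        # with a name but no entry are therefore closed to everyone.
        print("\033[41;1m ----- no matched permission ----\033[0m")
        return False

    perm_str = "crm.%s" % (matched_perm_key)  # e.g. crm.view_customer_list
    if request.user.has_perm(perm_str):
        print("\033[42;1m--------passed permission check----\033[0m")
        return True

    print("\033[41;1m ----- no permission ----\033[0m")
    print(request.user, perm_str)
    return False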
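def check_permission(func):
    """Wrap a view so that it runs only when ``perm_check`` returns True.

    Args:
        func: The view function; its first positional argument must be the
            request.

    Returns:
        A wrapper that renders ``crm/403.html`` with HTTP status 403 when the
        check fails and otherwise calls ``func`` unchanged.
    """
    # Keep the view's name and docstring on the wrapper so logs, debug pages
    # and introspection still identify the real view.
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        print('---start check perm---')
        # Anything other than the literal True is treated as a denial.
        if perm_check(*args, **kwargs) is not True:
            # Send a real 403 status with the error page.  Without it the
            # denial goes out as 200 OK, which hides refused requests from
            # clients, caches and access-log monitoring.
            return render(args[0], 'crm/403.html', status=403)
        return func(*args, **kwargs)
    return wrapper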
views.py
'''这块也在前端做了下权限划分的显示,成功了'''
@login_required
@check_permission
def teachers(req):
    """Render ``crm/teachers.html`` with every ``UserProfile`` row.

    ``login_required`` is the outer decorator, so it runs before
    ``check_permission`` and the permission lookup only sees requests that
    already passed the login check.
    """
    # NOTE(review): perm_dic as shown on this page has no entry for this
    # view's URL name.  With perm_check as written, a named route without an
    # entry is denied for everyone and an unnamed route is allowed for
    # everyone -- confirm the route name and add the matching entry.
    context = {'teachers_list': models.UserProfile.objects.all()}
    return render(req, 'crm/teachers.html', context)
◆ 权限验证(1)
views 中验证
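# In-view check (fragment of a view body).  The codename has to match
# UserProfile.Meta.permissions exactly: the model declares 'view_teacher_list',
# and a codename that no permission carries is never granted to ordinary
# users, so the previous 'view_teachers_list' spelling refused everyone.
if not request.user.has_perm('crm.view_teacher_list'):
    # Answer with status 403 so the refusal is visible as such to clients and
    # in access logs, instead of a 200 response whose body says "Forbidden".
    return HttpResponse('Forbidden', status=403)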
◆ 权限验证(2)
Template 中的权限检查
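{# Display-only check: it hides markup but does not protect the URL, so the view itself must still enforce the permission. #}
{# The codename must match UserProfile.Meta.permissions ('view_teacher_list'); an unknown codename hides the block for ordinary users. #}
{% if perms.crm.view_teacher_list %}
有权限
{% endif %}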
前端权限判断截图如下:
本文转自 sjfbjs 51CTO博客,原文链接:http://blog.51cto.com/11886896/2063972