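User permissions are critical in any system. So when users register, I assign them one of two permission levels: ordinary user or administrator. In the database, an ordinary user's value is user and an administrator's value is admin.
The system I want to design has only one administrator, so I do not decide based on the role here. Instead, I decide based on the username. The administrator's username is unique: admin.
Without further ado, here is the user registration code.
Logic layer: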
```python
import hashlib
import json

from flask import render_template, request, session

# app, salt, get_userlist() and add_user() are defined elsewhere in the project.


@app.route("/adduser", methods=['GET', 'POST'])
def adduser():
    if request.method == "GET":
        username = session.get("name")
        return render_template("register.html", username=username)
    # The front end sends a POST; the logic layer reads the whole form through request.form
    if request.method == "POST":
        userlist = request.form.to_dict()  # first value of each form field
        # Check for empty input before hashing: a hex digest is never empty
        if not userlist["name"] or not userlist["password"]:
            errmsg = "username and password is not empty"
            return json.dumps({'code': '1', 'errmsg': errmsg})
        # Salted MD5 is kept from the original; werkzeug.security.generate_password_hash
        # is a stronger choice for stored passwords
        userlist['password'] = hashlib.md5((userlist['password'] + salt).encode('utf-8')).hexdigest()
        userlist['re_password'] = hashlib.md5((userlist['re_password'] + salt).encode('utf-8')).hexdigest()
        if userlist["name"] in [list(n.values())[0] for n in get_userlist(["name"])]:
            errmsg = "username is exist"
            return json.dumps({'code': '1', 'errmsg': errmsg})
        if userlist["password"] != userlist["re_password"]:
            errmsg = "password is error"
            return json.dumps({'code': '1', 'errmsg': errmsg})
        fields = ["name", "name_cn", "password", "mobile", "email", "role", "status"]
        values = ['%s' % userlist[x] for x in fields]
        userdict = dict([(k, values[i]) for i, k in enumerate(fields)])
        add_user(userdict)
        return json.dumps({'code': '0', 'result': "register sucess"})
```
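Data layer code:
```python
def add_user(userlist):
    # Column names come from the fixed `fields` list in adduser(); values are bound as
    # query parameters (%s placeholders, assuming a MySQLdb/pymysql-style driver).
    columns = list(userlist.keys())
    sql = "insert into users(%s) values(%s)" % (",".join(columns), ",".join(["%s"] * len(columns)))
    curs.execute(sql, [userlist[c] for c in columns])
    conn.commit()
```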
Front-end code:
```html
... omitted ...
<!-- Password -->
<div class="form-group">
    <label for="password" class="col-sm-2 control-label">密码<span class="red-fonts"></span></label>
    <div class="col-sm-8">
        <input id="password" name="password" placeholder="密码" type="password" class="form-control">
    </div>
</div>
<!-- Confirm password -->
<div class="form-group">
    <label for="re_password" class="col-sm-2 control-label">确认密码</label>
    <div class="col-sm-8">
        <input id="re_password" name="re_password" placeholder="再次确认密码" type="password" class="form-control">
    </div>
</div>
<!-- Role: 管理员 = administrator, 普通用户 = ordinary user -->
<div class="form-group">
    <label for="role" class="col-sm-2 control-label">角色</label>
    <div class="col-sm-8">
        <select name="role">
            <option value="admin" class="form-control">管理员</option>
            <option value="user" class="form-control">普通用户</option>
        </select>
    </div>
</div>
<!-- Status: 激活 = active, 锁定 = locked -->
<div class="form-group">
    <label for="status" class="col-sm-2 control-label">状态</label>
    <div class="col-sm-8">
        <select name="status">
            <option value="0" class="form-control">激活</option>
            <option value="1" class="form-control">锁定</option>
        </select>
    </div>
</div>
... omitted ...
```
My front end was adapted from elsewhere, so I use template inheritance here.
The user permission check is done in the base.html template:
```html
<ul class="nav nav-second-level collapse">
    <!-- 个人中心 = personal center -->
    <li class="group"><a href="/userinfo">个人中心</a></li>
    {% if username == 'admin' %}
    <!-- 用户列表 = user list -->
    <li class="user"><a href="/userlist">用户列表</a></li>
    {% endif %}
</ul>
```
The username here is passed from the logic layer to the front end. Careful readers will see this if they look closely.
```html
<li id="jasset">
    <a><i class="fa fa-inbox"></i> <span class="nav-label">资产管理</span><span class="fa arrow"></span></a>
    {% if username == 'admin' %}
    <!-- 机房管理 = machine room management, 机柜管理 = cabinet management, 服务器管理 = server management -->
    <ul class="nav nav-second-level collapse">
        <li class="group"><a href="/idc">机房管理</a></li>
        <li class="asset"> <a href="/cabinet">机柜管理</a></li>
        <li class="idc"> <a href="/server">服务器管理</a></li>
    </ul>
    {% endif %}
</li>
<!-- Asset management -->
```
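At this point, the user permissions are done.
Ordinary users can only see their own personal information.
The administrator can see all information.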
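The `{% if username == 'admin' %}` checks in base.html only decide which links are rendered; a route such as /userlist or /idc is restricted only if its view also checks the session. The following is an added example, not code from the original post, that enforces the same username rule on the server. The `admin_required` decorator, the `status_for` helper, the secret key and the view bodies are assumptions made for illustration.

```python
from functools import wraps

from flask import Flask, abort, session

app = Flask(__name__)
app.secret_key = "constructed-demo-key"  # constructed value, for this example only
ADMIN_NAME = "admin"  # the article's single administrator username


def admin_required(view):
    """Hypothetical decorator: enforce the template's rule on the server side."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        username = session.get("name")  # same session key adduser() reads
        if username is None:
            abort(401)  # not logged in
        if username != ADMIN_NAME:
            abort(403)  # logged in, but not the administrator
        return view(*args, **kwargs)
    return wrapper


@app.route("/userinfo")
def userinfo():
    if session.get("name") is None:
        abort(401)
    return "own profile"  # placeholder body


@app.route("/userlist")
@admin_required
def userlist():
    return "all users"  # placeholder body


@app.route("/idc")
@admin_required
def idc():
    return "machine rooms"  # placeholder body


def status_for(path, username=None):
    """Request `path` as `username` (None = anonymous) and return the HTTP status."""
    client = app.test_client()
    if username is not None:
        with client.session_transaction() as sess:
            sess["name"] = username
    return client.get(path).status_code
```

With the decorator in place, the menu in base.html becomes a convenience for the administrator rather than the access control itself.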
This article is reposted from shouhou2581314's 51CTO blog. Original link: http://blog.51cto.com/thedream/1860296. To repost it, please contact the original author.