from django.conf import settings  進入 settings
settings = LazySettings()  進入 LazySettings
在 LazySettings 中引用了 global_settings
Session 的默認過期時間爲 14 天:SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
設置爲 10 秒鐘:SESSION_COOKIE_AGE = 10
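class ConsultRecord(models.Model):
    """Follow-up note recorded against a customer by a consultant."""

    customer = models.ForeignKey('Customer', on_delete=models.CASCADE)
    note = models.TextField(verbose_name="跟進內容")
    # limit_choices_to takes a dict of field lookups (or a Q object / callable).
    # The original wrote {"pk",3}, which is a set literal rather than a dict,
    # so it never expressed the intended pk=3 filter.
    # NOTE(review): this only narrows the choices offered by ModelForm/admin
    # fields; it is not a database constraint, and a hard-coded pk is not
    # "the logged-in user". Code that saves records without going through the
    # form must set consultant on the server side.
    consultant = models.ForeignKey(
        "UserInfo",
        on_delete=models.CASCADE,
        limit_choices_to={"pk": 3},
    )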
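正常情況下,ModelForm 在渲染前端頁面時,帶有 ForeignKey 的字段默認會渲染關聯表中的全部選項。但在實際生產中,有時不需要顯示全部選項:例如在 CRM 中添加跟進記錄時,不需要讓銷售從全部銷售中選擇一個人,只需固定顯示當前登錄的銷售即可。此處的 limit_choices_to 相當於 UserInfo.objects.filter(pk=3)。注意:limit_choices_to 只限制表單中可選的選項,寫死的 pk=3 也不會隨登錄用戶變化;consultant 的值仍應在視圖中由服務端根據當前登錄用戶設定,而不是信任前端提交的值。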
Web網站的訪問限制
(1).簡單方案:
用戶表
Id  name
1   a1
2   a2
權限表
Id  use  url             title
1   a    /index/         主頁
2   a    /customer/      查看客戶
3   a    /customer_add/  添加
4   b    /index/         主頁
此方案的弊端:每次建立用戶都要添加多條數據,浪費時間和空間
(2).方案二(RBAC:role based access control)基於角色的訪問控制權限
用戶表
Id  name
1   a1
2   a2
多對多user2role表
Id user_id role_id
1 1 3
1 2 3
角色表
Id  title
1   ceo
2   銷售
多對多role2permission
Id role_id permission
1 3 1
1 3 2
1 3 3
1 3 4
權限表permission
Id  use  url             title
1   a    /index/         主頁
2   a    /customer/      查看客戶
3   a    /customer_add/  添加
4   b    /index/         主頁
想讓每個實例顯示的內容更豐富一些
(1) 改變模型類的__str__方法的內容
def __str__(self):
    """Return the object's ``title`` attribute as its display string."""
    label = self.title
    return label
(2)在admin.py中添加對應的、用於約束顯示內容的類
@admin.register(Permission)
class PermissionConfig(admin.ModelAdmin):
    """Change-list options used when Permission is shown in the admin site."""

    # Columns shown on the change list.
    list_display = ["pk", "title", "url"]
    # Sort rows by ascending primary key.
    ordering = ["pk"]
替代admin.site.register(Permission)
在models.py中:
from django.db import models


class User(models.Model):
    """Account that can be linked to any number of roles."""

    # NOTE(review): name has no unique constraint, yet the login view on this
    # page looks accounts up by name - confirm duplicates cannot occur.
    name = models.CharField(max_length=32)
    # NOTE(review): the login view on this page filters on pwd equal to the
    # submitted value, so this column holds the password verbatim. Storing a
    # salted hash (django.contrib.auth.hashers.make_password / check_password)
    # needs a wider column than 32 characters and a data migration.
    pwd = models.CharField(max_length=32)
    roles = models.ManyToManyField("Role")

    def __str__(self):
        return self.name


class Role(models.Model):
    """Named group of permissions that users are assigned to."""

    title = models.CharField(max_length=32)
    permissions = models.ManyToManyField("Permission")

    def __str__(self):
        return self.title


class Permission(models.Model):
    """A URL pattern that holders of a role are allowed to request."""

    title = models.CharField(max_length=32)
    # NOTE(review): the middleware on this page wraps this value in ^...$ and
    # passes it to re.search, so it is interpreted as a regular expression;
    # write access to this table should be limited to trusted administrators.
    url = models.CharField(max_length=32)

    def __str__(self):
        return self.title
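# Placeholder views used to exercise the URL-based permission check.
# NOTE(review): none of these views checks authorization itself; access control
# is presumably left entirely to the permission middleware, so a URL the
# middleware skips is served to anyone - confirm against the URLconf.


def customer(request):
    """Return the placeholder response for the customer list."""
    return HttpResponse("this is customer.")


def addcustomer(request, id):
    """Return the placeholder response for adding a customer; ``id`` is unused."""
    return HttpResponse("this is addcustomer.")


def editcustomer(request, id):
    """Return the placeholder response for editing a customer; ``id`` is unused."""
    return HttpResponse("this is editcustomer.")


def delecustomer(request, id):
    """Return the placeholder response for deleting a customer; ``id`` is unused."""
    # The original returned "this is customer." here, a copy-paste slip that
    # made this response indistinguishable from the customer() list view.
    return HttpResponse("this is delecustomer.")


def product(request):
    """Return the placeholder response for the product list."""
    return HttpResponse("this is product.")


def addproduct(request, id):
    """Return the placeholder response for adding a product; ``id`` is unused."""
    return HttpResponse("this is addproduct.")


def editproduct(request, id):
    """Return the placeholder response for editing a product; ``id`` is unused."""
    return HttpResponse("this is editproduct.")


def deleproduct(request, id):
    """Return the placeholder response for deleting a product; ``id`` is unused."""
    return HttpResponse("this is deleproduct.")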
如果利用admin組件添加,在admin.py中:
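from django.contrib import admin

# Import the three models by name instead of `import *`, so the module
# namespace holds only what is registered below.
from app01.models import Permission, Role, User

# NOTE(review): a default ModelAdmin shows every editable field; if User keeps
# a plain-text pwd column, it will be readable and editable in the admin form.
admin.site.register(User)
admin.site.register(Role)


class PermissionConfig(admin.ModelAdmin):
    """Change-list options used when Permission is shown in the admin site."""

    # Columns shown on the change list.
    list_display = ["pk", "title", "url"]
    # Sort rows by descending primary key (newest first).
    ordering = ["-pk"]


admin.site.register(Permission, PermissionConfig)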
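def login(request):
    """Render the login form on GET; otherwise check credentials and fill the session.

    On success the session receives ``user_id`` (the user's primary key) and
    ``permission`` (a list of the URL patterns granted through the user's
    roles). Any method other than GET is handled as a login attempt.
    """
    if request.method == "GET":
        return render(request, "login.html")

    user = request.POST.get("user")
    pwd = request.POST.get("pwd")
    # NOTE(review): this compares the submitted password with the stored column
    # value directly, i.e. passwords are kept in plain text. Moving to
    # django.contrib.auth.hashers.check_password requires hashing the stored
    # values first, so it is flagged here rather than changed.
    use = User.objects.filter(name=user, pwd=pwd).first()
    if not use:
        return HttpResponse("用戶名或密碼錯誤")

    # Issue a fresh session key on login so a key that existed before
    # authentication is not carried over into the authenticated session.
    request.session.cycle_key()
    # Presence of user_id is what the middleware treats as "logged in".
    request.session["user_id"] = use.pk

    # Resolve permissions from the authenticated row, not from the submitted
    # name: name is not unique, so filtering on it could pull in the roles of
    # another account with the same name.
    urls = (
        Role.objects.filter(user=use)
        .values_list("permissions__url", flat=True)
        .distinct()
    )
    # A role without permissions yields None; keep only real patterns.
    request.session["permission"] = [url for url in urls if url]
    return HttpResponse("登陸成功")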
在自定義的中間件中:
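import re

from django.shortcuts import HttpResponse, redirect
from django.utils.deprecation import MiddlewareMixin

# Paths served without a login or permission check. They are matched against
# the whole path: the original used unanchored re.search with "/login/" and
# "/admin/*", so any path that merely contained that text skipped every check.
# NOTE(review): /admin is exempt on the assumption that the admin site applies
# its own authentication - confirm.
_WHITELIST = (
    re.compile(r"/login/"),
    re.compile(r"/admin(?:/.*)?"),
)


class SessionMiddleware(MiddlewareMixin):
    """Reject requests whose path is not covered by the session's permissions."""

    def process_request(self, request):
        """Return None to let the request continue, or a response to stop it.

        Whitelisted paths pass through; requests without ``user_id`` in the
        session are redirected to the login page; everything else must fully
        match one of the patterns stored under the ``permission`` session key.
        """
        path = request.path

        # Whitelist.
        if any(allowed.fullmatch(path) for allowed in _WHITELIST):
            return None

        # Logged in?
        if not request.session.get("user_id"):
            return redirect("/login/")

        # Permission check. The key may be absent, so default to no patterns
        # instead of iterating over None.
        for pattern in request.session.get("permission") or []:
            if not isinstance(pattern, str):
                continue
            try:
                # fullmatch anchors the entire pattern; "^%s$" bound the anchors
                # to the first and last alternative only when it contained "|".
                if re.fullmatch(pattern, path):
                    return None
            except re.error:
                # A malformed stored pattern grants nothing (fail closed).
                continue

        # Report the denial with 403 rather than a 200 page.
        return HttpResponse("無權訪問", status=403)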
不要忘了將中間件的路徑告訴配置文件
# Order matters: the custom permission middleware reads request.session, so it
# is listed after django.contrib.sessions' SessionMiddleware.
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    # Custom URL-permission check.
    "app01.permission_middleware.SessionMiddleware",
]