Python學習路程day19 Python之路,Day19 - Django 進階

Python之路,Day19 - Django 進階

 

本節內容

自定義template tags

中間件

CRSF

權限管理

分頁

 

Django分頁

https://docs.djangoproject.com/en/1.9/topics/pagination/ 

自定義template tags

https://docs.djangoproject.com/es/1.9/howto/custom-template-tags/ 

權限管理

django 自帶有基本的權限管理 ，但粒度和限制權限的維度都只是針對具體的表，若是咱們想根據業務功能來限制權限，那就得本身寫了， 不過也不用徹底本身的寫，咱們能夠在django 自帶的權限基礎上輕鬆的實現擴展。 

本身寫權限要注意：

1. 權限系統的設計對開發者、用戶要實現透明，即他們不須要改變本身原有的使用系統或調用接口的方式
2. 權限要易擴展，靈活
3. 權限要能實現很是小的粒度的控制，甚至細緻到一個按鍵某個用戶是否能按。

想對一個功能實現權限控制，要作到只能過在views方法上加一個裝飾器就好了，好比：

@check_permission
@login_required
def customer_detail(request,customer_id):
    customer_obj = models.Customer.objects.get(id=customer_id)
    customer_form = forms.CustomerDetailForm(instance=customer_obj)
 
    if request.method == 'POST':
        customer_form = forms.CustomerDetailForm(request.POST,instance=customer_obj)
        if customer_form.is_valid():
            customer_form.save()
            parent_base_url = '/'.join(request.path.split('/')[:-2])
            print("url:",parent_base_url )
            return  redirect(parent_base_url)
        else:
            print(customer_form.errors)
    return  render(request,'crm/customer_detail.html',{'customer_form':customer_form})

check_permission的代碼實現

#_*_coding:utf-8_*_
__author__ = 'Alex Li'
from django.core.urlresolvers import resolve
from django.shortcuts import render,redirect

perm_dic = {
    'view_customer_list': ['customer_list','GET',[]],
    'view_customer_info': ['customer_detail','GET',[]],
    'edit_own_customer_info': ['customer_detail','POST',['test']],
}

def perm_check(*args,**kwargs):
    request = args[0]
    url_resovle_obj = resolve(request.path_info)
    current_url_namespace = url_resovle_obj.url_name
    #app_name = url_resovle_obj.app_name #use this name later
    print("url namespace:",current_url_namespace)
    matched_flag = False # find matched perm item
    matched_perm_key = None
    if current_url_namespace is not None:#if didn't set the url namespace, permission doesn't work
        print("find perm...")
        for perm_key in perm_dic:
            perm_val = perm_dic[perm_key]
            if len(perm_val) == 3:#otherwise invalid perm data format
                url_namespace,request_method,request_args = perm_val
                print(url_namespace,current_url_namespace)
                if url_namespace == current_url_namespace: #matched the url
                    if request.method == request_method:#matched request method
                        if not request_args:#if empty , pass
                            matched_flag = True
                            matched_perm_key = perm_key
                            print('mtched...')
                            break #no need looking for  other perms
                        else:
                            for request_arg in request_args: #might has many args
                                request_method_func = getattr(request,request_method) #get or post mostly
                                #print("----->>>",request_method_func.get(request_arg))
                                if request_method_func.get(request_arg) is not None:
                                    matched_flag = True # the arg in set in perm item must be provided in request data
                                else:
                                    matched_flag = False
                                    print("request arg [%s] not matched" % request_arg)
                                    break #no need go further
                            if matched_flag == True: # means passed permission check ,no need check others
                                print("--passed permission check--")
                                matched_perm_key = perm_key
                                break

    else:#permission doesn't work
        return True

    if matched_flag == True:
        #pass permission check
        perm_str = "crm.%s" %(matched_perm_key)
        if request.user.has_perm(perm_str):
            print("\033[42;1m--------passed permission check----\033[0m")
            return True
        else:
            print("\033[41;1m ----- no permission ----\033[0m")
            print(request.user,perm_str)
            return False
    else:
        print("\033[41;1m ----- no matched permission  ----\033[0m")
def check_permission(func):

    def wrapper(*args,**kwargs):
        print("---start check perms",args[0])
        if not perm_check(*args,**kwargs):
            return render(args[0],'crm/403.html')
        return func(*args,**kwargs)
        #print("---done check perms")
    return wrapper

50行實現細粒度的權限控制

Middleware中間件 

https://docs.djangoproject.com/es/1.9/topics/http/middleware/#process_request