權限管理系統

    1、建立model

from django.db import models

# Create your models here.
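class Access(models.Model):
    """A single permission: one URL pattern plus the action code it grants.

    ``url`` is interpolated into a regular expression by the permission
    middleware, so whoever can edit these rows decides which paths a role may
    reach. ``menu_group`` points at another ``Access`` row; the menu builder
    treats rows where it is empty as the visible menu entries.
    """

    title = models.CharField(max_length=32, verbose_name='權限名')
    url = models.CharField(max_length=64, verbose_name='URL')
    code = models.CharField(max_length=32, verbose_name='代碼')
    # on_delete is a required argument from Django 2.0 on; CASCADE is the
    # behaviour Django 1.x applied implicitly, so nothing changes there.
    group = models.ForeignKey(
        to='Group',
        verbose_name='所屬權限組',
        on_delete=models.CASCADE,
    )
    menu_group = models.ForeignKey(
        to='Access',
        related_name='menu_gp',
        verbose_name='組內菜單',
        null=True,
        blank=True,
        on_delete=models.CASCADE,
    )

    class Meta:
        verbose_name_plural = '權限表'

    def __str__(self):
        return self.title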

class Role(models.Model):
    """A named role that bundles a set of ``Access`` permissions."""

    title = models.CharField(
        max_length=64,
        verbose_name='角色名',
    )
    # Many-to-many: one role grants several permissions, and one permission
    # can be shared by several roles.
    access = models.ManyToManyField(
        to='Access',
        verbose_name='角色權限',
    )

    class Meta:
        verbose_name_plural = '角色表'

    def __str__(self):
        return self.title

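class User(models.Model):
    """An account of the RBAC application, linked to its roles.

    ``password`` holds a Django password hash, never the raw value: write it
    with :meth:`set_password` and verify it with :meth:`check_password`.
    """

    username = models.CharField(max_length=32, verbose_name='用戶名')
    # 32 characters cannot hold a salted password hash; 128 is the width
    # Django's own user model uses. Widening the column needs a schema
    # migration, and existing rows must be re-saved through set_password().
    password = models.CharField(max_length=128, verbose_name='密碼')
    email = models.EmailField(max_length=32, verbose_name='郵箱')
    role = models.ManyToManyField(to='Role', verbose_name='用戶角色')

    class Meta:
        verbose_name_plural = '用戶表'

    def set_password(self, raw_password):
        """Store a salted hash of ``raw_password`` (the caller still saves)."""
        from django.contrib.auth.hashers import make_password

        self.password = make_password(raw_password)

    def check_password(self, raw_password):
        """Return True when ``raw_password`` matches the stored hash."""
        from django.contrib.auth.hashers import check_password

        return check_password(raw_password, self.password)

    def __str__(self):
        return self.username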

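class Group(models.Model):
    """A permission group; every group belongs to exactly one menu."""

    title = models.CharField(max_length=32, verbose_name='權限組名')
    # on_delete is a required argument from Django 2.0 on; CASCADE is the
    # behaviour Django 1.x applied implicitly, so nothing changes there.
    menu = models.ForeignKey(
        to='Menu',
        verbose_name='所屬菜單',
        on_delete=models.CASCADE,
    )

    class Meta:
        verbose_name_plural = '權限組表'

    def __str__(self):
        return self.title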

class Menu(models.Model):
    """Menu table: a top-level navigation menu that permission groups attach to."""

    title = models.CharField(
        max_length=32,
        verbose_name='菜單名',
    )

    class Meta:
        verbose_name_plural = '菜單表'

    def __str__(self):
        return self.title

 

 

    2、經過admin管理model

from django.contrib import admin

from . import models

# Register the custom RBAC models with the admin site; the admin pages are
# reached under the /admin path.
# NOTE(review): User.password is an ordinary CharField, so the default
# ModelAdmin shows it as an editable text input and saves whatever is typed.
# Hash the value before it is stored (for example in a ModelAdmin.save_model
# override) rather than keeping the raw password.
admin.site.register([
    models.Access,
    models.User,
    models.Group,
    models.Role,
    models.Menu,
])

 

 

      3、編寫模塊獲取用戶具備的權限

#該模塊在登錄的視圖函數中使用
from django.conf import settings
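def init_access(request, user):
    """Cache the permissions of ``user`` in the session right after login.

    Two session entries are written:

    * ``settings.ACCESS_MENU_KEY`` - a list with one dict per permission
      (id, title, URL, owning menu, parent menu entry and an ``active`` flag
      initialised to ``False``).
    * ``settings.ACCESS_DICT_KEY`` - a dict keyed by permission-group id whose
      values hold the ``codes`` and ``urls`` granted inside that group.

    Nothing else on this page rewrites these entries, so a change to a user's
    roles only takes effect the next time that user logs in.

    Args:
        request: the current request; only ``request.session`` is used.
        user: the authenticated ``User`` instance.
    """
    rows = user.role.values(
        'access__id',
        'access__title',
        'access__url',
        'access__code',
        'access__group__id',
        'access__menu_group',
        'access__group__menu__id',
        'access__group__menu__title',
    )

    menu_entries = []
    grouped = {}
    seen_access_ids = set()
    for row in rows:
        access_id = row['access__id']
        # A role with no permission attached can surface as a row of None
        # values; without this guard a None URL would later be formatted into
        # the pattern '^None$'. Permissions reachable through several roles
        # are recorded once.
        if access_id is None or access_id in seen_access_ids:
            continue
        seen_access_ids.add(access_id)

        menu_entries.append({
            'access_id': access_id,
            'access_title': row['access__title'],
            'url': row['access__url'],
            'menu_title': row['access__group__menu__title'],
            'menu_id': row['access__group__menu__id'],
            'menu_gp_id': row['access__menu_group'],
            'active': False,
        })

        bucket = grouped.setdefault(
            row['access__group__id'], {'codes': [], 'urls': []}
        )
        bucket['codes'].append(row['access__code'])
        bucket['urls'].append(row['access__url'])

    request.session[settings.ACCESS_MENU_KEY] = menu_entries
    request.session[settings.ACCESS_DICT_KEY] = grouped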
 

 

     4、建立中間件,驗證用戶權限

import re

from django.shortcuts import HttpResponse,redirect
from django.conf import settings
class MiddlewareMixin(object):
    """Run ``process_request`` / ``process_response`` hooks as a callable.

    A subclass may define either hook. ``process_request`` runs first; when it
    returns a truthy response the wrapped ``get_response`` callable is skipped.
    ``process_response`` then gets the chance to replace the response.
    """

    def __init__(self, get_response=None):
        self.get_response = get_response
        super(MiddlewareMixin, self).__init__()

    def __call__(self, request):
        early = (
            self.process_request(request)
            if hasattr(self, 'process_request')
            else None
        )
        # Only fall through to the next layer when the hook produced nothing.
        response = early or self.get_response(request)
        if hasattr(self, 'process_response'):
            return self.process_response(request, response)
        return response

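class AuthLoginMiddleware(MiddlewareMixin):
    """Reject requests for URLs the logged-in user has no permission for.

    Order of checks in ``process_request``:

    1. Paths matching an entry of ``settings.VALID_ACCESS`` are let through.
    2. A session without permission data is redirected to the login page.
    3. The path must fully match one of the URL patterns stored in the
       session; on a hit the codes of that permission group are attached to
       the request as ``request.access_code_list``.
    4. Anything else is answered with HTTP 403.
    """

    def process_request(self, request):
        current_url = request.path_info

        # re.match anchors at the start only: an exemption written without a
        # trailing '$' lets through every path that merely begins with it.
        # Keep the entries of VALID_ACCESS fully anchored.
        for pattern in settings.VALID_ACCESS:
            if re.match(pattern, current_url):
                return None

        access_dict = request.session.get(settings.ACCESS_DICT_KEY)
        if not access_dict:
            return redirect('/rbac/login')

        for grant in access_dict.values():
            for url in grant['urls']:
                # fullmatch keeps the whole stored pattern inside the anchors.
                # Formatting it into '^...$' binds the anchors to the outer
                # alternatives only when the pattern contains '|', and '$'
                # also accepts a trailing newline.
                if url and re.fullmatch(url, current_url):
                    request.access_code_list = grant['codes']
                    return None

        # Same body as before, but with a status that tells clients, proxies
        # and log analysis that the request was refused.
        return HttpResponse('無權訪問', status=403)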

 

    5、配置文件設置session

in settings.py #添加以下配置
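# Session keys under which the per-user permission data is cached at login.
ACCESS_MENU_KEY = 'access_menu'
ACCESS_DICT_KEY = 'access_dict'

# Regular expressions for paths that skip the permission check. Each entry is
# anchored at both ends so that it exempts exactly the paths it names, even
# when the matching code only anchors at the start of the path.
VALID_ACCESS = (
    '^/rbac/login/?$',       # the login page itself, with or without slash
    '^/admin(?:/.*)?$',      # the Django admin site, which has its own login
    '^$',
)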

 

    6、業務應用的views.py

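def login(request):
    """Show the login form and, on POST, authenticate and load permissions.

    A failed attempt is redirected back to the login page without saying
    whether the user name or the password was wrong. On success the session
    key is rotated, the user's permissions are cached in the session and the
    browser is sent to the user list.
    """
    from django.contrib.auth.hashers import check_password

    # Every method other than POST (GET, HEAD, ...) just gets the form; a
    # view that falls through without a response makes Django raise an error.
    if request.method != 'POST':
        return render(request, 'login.html')

    username = request.POST.get('username')
    password = request.POST.get('password')

    # Look the account up by name only and verify the password against the
    # stored hash. The stored value must be a Django password hash (the output
    # of make_password) in a column wide enough to hold it; comparing raw
    # passwords inside the query requires keeping them in clear text.
    # NOTE(review): username is not declared unique on the model, so first()
    # decides which row is checked when names collide.
    user = models.User.objects.filter(username=username).first()
    if user is None or password is None:
        return redirect('/rbac/login')
    if not check_password(password, user.password):
        return redirect('/rbac/login')

    # Issue a fresh session key so an identifier handed out before
    # authentication does not carry over to the logged-in session.
    request.session.cycle_key()
    init_access(request, user)
    return redirect('/rbac/userinfo')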


class BasePageAccess:
    """Tell a template which actions the current user may perform on a page.

    ``code`` is the collection of permission codes granted for the matched
    URL. Each ``has_*`` method returns ``True`` when its code is present and
    ``None`` otherwise.
    """

    def __init__(self, code):
        self.code = code

    def _granted(self, action):
        # Contract: True on a hit, None (not False) on a miss.
        return True if action in self.code else None

    def has_add(self):
        return self._granted('add')

    def has_edit(self):
        return self._granted('edit')

    def has_delete(self):
        return self._granted('delete')

def userinfo(request):
    """Render the user list together with the action codes for this page.

    ``request.access_code_list`` is set by the permission middleware when the
    requested URL matched one of the user's permissions.
    """
    # NOTE(review): the template receives whole User rows, password column
    # included; it only prints username, email and roles.
    context = {
        'page_access': BasePageAccess(request.access_code_list),
        'user_objs': models.User.objects.all(),
    }
    return render(request, 'userinfo.html', context)

def userinfo_add(request):
    """Render the empty "add user" form for GET requests."""
    if request.method != 'GET':
        # NOTE(review): no branch handles the form submission yet, so any
        # other method ends with None and no response. When the POST branch
        # is written, hash the submitted password (for example with
        # django.contrib.auth.hashers.make_password) before saving it.
        return None
    return render(request, 'userinfo_add.html')

 

       自定義模板標籤

import re
from django.template import Library
from django.conf import settings
# Tag registry for this template-tag module; Django looks it up under the
# module-level name ``register`` when a template loads the library.
register = Library()

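@register.inclusion_tag('menu.html')
def rbac_menu(request):
    """Build the two-level navigation menu for the current request.

    Permissions cached in the session are grouped by menu. Only permissions
    without a parent (``menu_gp_id`` empty) become visible children; a
    permission with a parent merely marks that parent as active when its URL
    pattern matches the current path.

    Args:
        request: the current request (session and ``path_info`` are read).

    Returns:
        ``{'result': {menu_id: {'menu_id', 'menu_title', 'active',
        'children': [{'title', 'url', 'active'}, ...]}}}`` for ``menu.html``.
    """
    # A session without permission data renders an empty menu instead of
    # raising on iteration over None.
    session_entries = request.session.get(settings.ACCESS_MENU_KEY) or []
    current_url = request.path_info

    # Work on copies: setting 'active' on the session's own dicts would be
    # written back if the session is saved during this request.
    entries = [dict(entry) for entry in session_entries]

    menu_dict = {
        entry['access_id']: entry
        for entry in entries
        if not entry['menu_gp_id']
    }

    for entry in entries:
        if not re.match('^{0}$'.format(entry['url']), current_url):
            continue
        owner_id = entry['menu_gp_id'] or entry['access_id']
        # The parent entry is missing when the user holds a sub-permission
        # without the menu permission it hangs under.
        if owner_id in menu_dict:
            menu_dict[owner_id]['active'] = True

    result = {}
    for item in menu_dict.values():
        active = item['active']
        menu_id = item['menu_id']
        child = {
            'title': item['access_title'],
            'url': item['url'],
            'active': active,
        }
        if menu_id in result:
            # Append to the list; assigning the dict here would replace the
            # children collected so far and break the template's child loop.
            result[menu_id]['children'].append(child)
            if active:
                result[menu_id]['active'] = True
        else:
            result[menu_id] = {
                'menu_id': menu_id,
                'menu_title': item['menu_title'],
                'active': active,
                'children': [child],
            }
    return {'result': result}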

 

      模板函數

<!--menu.html-->
{# Rendered by the rbac_menu inclusion tag; "result" maps a menu id to a dict with menu_title, active and children. #}
{% for k,item in result.items %}
<div>
<div class="menu-item ">{{ item.menu_title }}</div>
{# Both branches open the wrapper <div> that is closed after the child loop; an inactive menu gets class "hide". #}
{% if item.active %}
<div>
{% else %}
<div class="hide">
{% endif %}
{# NOTE(review): assuming Django's default auto-escaping, v.url and v.title are escaped as text, but the href scheme is not checked - keep the permission URLs editable by trusted admins only. #}
{% for v in item.children %}
{% if v.active %}
<div><a href="{{ v.url }}" class="selected">{{ v.title }}</a></div>
{% else %}
<div><a href="{{ v.url }}">{{ v.title }}</a></div>
{% endif %}
{% endfor %}
</div>
</div>
{% endfor %}
<!--basepage.html--> 
{# Base layout: loads the rbac tag library, renders the menu and leaves a "content" block for child templates. #}
{% load rbac %}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Title</title>
<link rel="stylesheet" href="/static/rbac/rbac.css">
{# NOTE(review): jQuery 3.2.1 is an old release; later 3.x releases carry security fixes, so pin a currently maintained version. #}
<script src="/static/rbac/jquery-3.2.1.min.js"></script>
<script src="/static/rbac/rbac.js"></script>
</head>
<body>
{# The tag needs "request" in the template context - presumably supplied by the request context processor; verify in settings. #}
{% rbac_menu request %}
<div class="content">
{% block content %}
{% endblock content %}
</div>
</body>
</html>
<!--userinfo.html-->
{% extends 'basepage.html' %}
{% block content %}
{# page_access only decides which links are shown; the server-side decision is the URL check in the permission middleware, so every linked URL must itself be a stored permission. #}
{% if page_access.has_add %}
<a href="/rbac/userinfo/add">添加</a>
{% endif %}
<table>
<thead>
<tr>
<th>#</th>
<th>姓名</th>
<th>郵箱</th>
<th>職務</th>
<th>操做</th>
</tr>
</thead>
<tbody>
{% for user_obj in user_objs %}
<tr>
<td>{{ forloop.counter }}</td>
<td>{{ user_obj.username }}</td>
<td>{{ user_obj.email }}</td>
<td>{% for role in user_obj.role.all %}{{ role.title }} {% endfor %}</td>
<td>
{% if page_access.has_edit %}
<a href="/rbac/userinfo/edit/{{ user_obj.id }}">編輯</a>
{% endif %}
{# NOTE(review): delete is reached through a plain link, i.e. a GET request; its view is not shown here. A state-changing view should accept POST only, with the CSRF token. #}
{% if page_access.has_delete %}
<a href="/rbac/userinfo/delete/{{ user_obj.id }}">刪除</a>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
{% endblock content %}
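<!--userinfo_add.html-->
{% extends 'basepage.html' %}
{% block content %}
{# Registration form; it posts back to the current URL and carries Django's CSRF token. #}
{# The two password inputs are only compared if the receiving view does so; that view must also hash the password before storing it. #}
<form method="post">
    {% csrf_token %}
    <input type="text" name="username" placeholder="用戶名">
    <input type="email" name="email" placeholder="郵箱">
    <input type="password" name="password" placeholder="密碼">
    <input type="password" name="repeat-pwd" placeholder="確認密碼">
    <input type="submit" value="註冊">
</form>
{% endblock content %}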

 

     css文件

/* Collapsed state of a menu's child container. */
.hide {
    display: none;
}

/* Link of the menu entry that matches the current URL. */
.selected {
    color: red;
}

/* Page body, pinned to the right of the menu column. */
.content {
    position: fixed;
    top: 10px;
    left: 100px;
    width: 80%;
}

 

    js文件

 
 
// Clicking a menu title shows or hides the element that follows it (the
// container holding that menu's links) by toggling the "hide" class.
$(function () {
    $('.menu-item').on('click', function () {
        $(this).next().toggleClass('hide');
    });
});