Django 權限控制配置步驟
1.models下面添加權限控制信息:
class UserProfile(models.Model):
user = models.OneToOneField(User)
name = models.CharField(u"姓名",max_length=32)
def __str__(self):
return self.name
class Meta:
permissions = (('view_customer_list',u'能夠查看用戶信息'),
('view_customer_info',u'能夠查看客戶詳細信息'),
('edit_own_customer_info',u'能夠修改本身的客戶信息'),
)
2.配置別名關聯的URL:
url(r'^mod_customers/(\d+)/$', views.mod_customers, name='customer_detail'),
3.app下建立權限文件,根據配置的URL修改permissions.py:
from django.core.urlresolvers import resolve
from django.shortcuts import render
perm_dic = { #第一個參數是URL,第二個是請求方法,最後是參數
'view_customer_list': ['customer_list','GET',[]],
# 'view_customer_info': ['customer_detail','GET',[]],
'edit_own_customer_info': ['customer_detail','POST',['test']],
'view_staff_list': ['staff_list','GET',[]],
}
4.前端配置別名url的a標籤:
<td style="text-align:center"><a href="{% url 'customer_detail' student.id %}">{{ student.id }}</a></td>
5.permission文件下添加裝飾器:
def check_permission(func): #將函數自身func傳入
def wrapper(*args,**kwargs): #若是有參數args,kwargs
print("start check permission")
if perm_check(*args,**kwargs) is not True:#沒權限
return render(args[0],'no_permission.html')
perm_check(*args,**kwargs) #在執行函數以前,檢查是否有權限
return func(*args,**kwargs) #執行被裝飾的函數
return wrapper
6.將權限與限制關聯,permission文件下:
def perm_check(*args,**kwargs):
request = args[0]
url_resovle_obj = resolve(request.path_info) #resolve將域名解析爲URL的別名
current_url_namespace = url_resovle_obj.url_name #獲取URL別名
#app_name = url_resovle_obj.app_name #use this name later
print("url namespace:",current_url_namespace)
matched_flag = False # find matched perm item
matched_perm_key = None
if current_url_namespace is not None:#if didn't set the url namespace, permission doesn't work
print("find perm...")
for perm_key in perm_dic:
perm_val = perm_dic[perm_key]
if len(perm_val) == 3:#otherwise invalid perm data format
url_namespace,request_method,request_args = perm_val
print(url_namespace,current_url_namespace)
if url_namespace == current_url_namespace: #matched the url
if request.method == request_method:#matched request method
if not request_args:#if empty , pass
matched_flag = True
matched_perm_key = perm_key
print('mtched...')
break #no need looking for other perms
else:
for request_arg in request_args: #might has many args
request_method_func = getattr(request,request_method) #get or post mostly
#print("----->>>",request_method_func.get(request_arg))
if request_method_func.get(request_arg) is not None:
matched_flag = True # the arg in set in perm item must be provided in request data
else:
matched_flag = False
print("request arg [%s] not matched" % request_arg)
break #no need go further
if matched_flag == True: # means passed permission check ,no need check others
print("--passed permission check--")
matched_perm_key = perm_key
break
else:#permission doesn't work
return True
if matched_flag == True:
#pass permission check
perm_str = "crm.%s" %(matched_perm_key)
if request.user.has_perm(perm_str):
print("\033[42;1m--------passed permission check----\033[0m")
return True
else:
print("\033[41;1m ----- no permission ----\033[0m")
print(request.user,perm_str)
return False
else:
print("\033[41;1m ----- no matched permission ----\033[0m")
7.在想要權限限制的方法前,添加@check_permission裝飾器:
@check_permission
def staff(request):
if request.method == 'POST':
staff_obj = User.objects.all()
return render(request,'staff.html',{'staff_obj':staff_obj})
相關文章
- 1. Django用戶權限控制
- 2. Django 權限控制初探
- 3. Django Rest Framework --權限控制
- 4. 配置ODOO12安全權限控制
- 5. 我對Django權限控制的理解
- 6. kafkaoffsetmonitor監控配置步驟
- 7. 權限控制
- 8. yii2 rbac權限控制詳細操做步驟
- 9. django 權限設置
- 10. Android權限申請步驟
- 更多相關文章...
- • Eclipse Debug 配置 - Eclipse 教程
- • Maven 環境配置 - Maven教程
- • Docker容器實戰(六) - 容器的隔離與限制
- • IntelliJ IDEA 代碼格式化配置和快捷鍵
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. Django用戶權限控制
- 2. Django 權限控制初探
- 3. Django Rest Framework --權限控制
- 4. 配置ODOO12安全權限控制
- 5. 我對Django權限控制的理解
- 6. kafkaoffsetmonitor監控配置步驟
- 7. 權限控制
- 8. yii2 rbac權限控制詳細操做步驟
- 9. django 權限設置
- 10. Android權限申請步驟