RBAC在Django中基于中间件的AJAX应用案例
2024-08-26 13:46:06
项目文件:
models.py
from django.db import models
from django.contrib.auth.models import AbstractUser
# Create your models here. class UserInfo(AbstractUser):
role=models.ManyToManyField(to='Role',verbose_name='角色',null=True,blank=True)
def __str__(self):
if self.role:
return f'{self.username}({self.role.name})'
else:
return f'{self.username}(未分配)' class Role(models.Model):
name=models.CharField(max_length=32,verbose_name='角色名称')
permission=models.ManyToManyField(to='Permission',verbose_name='权限')
def __str__(self):
return self.name class Permission(models.Model):
name=models.CharField(max_length=32,verbose_name="权限")
url=models.CharField(max_length=64,verbose_name='url')
def __str__(self):
return self.name
models.py
middlewares.py(自定义中间件)
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import redirect,HttpResponse
import re
class AuthPerminssion(MiddlewareMixin):
def process_request(self,request):
url=['/admin/.*','/register/','/login/']
for i in url:
if re.match(i, request.path):
return None
else:
if request.user.is_authenticated: for url in request.session.get('permission'):
print(request.path)
print(request.session.get('permission'))
if re.match(f'{url}$',request.path):
#if re.search(f'^{url}$',request.path):
return None
else:
return HttpResponse('无权访问!')
else:
return redirect('login')
middlewares.py
settings.py(中间件注册和auth表指定)
MIDDLEWARE=[
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'app01.middlewares.AuthPerminssion',
] AUTH_USER_MODEL='app01.UserInfo'#配置自定义auth认真表 STATIC_URL='/static/'
STATICFILES_DIRS=[
os.path.join(BASE_DIR,'static_files')
]
settings.py
urls.py
from django.conf.urls import url
from django.contrib import admin
from app01 import views urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^register/', views.Register.as_view(), name='register'),
url(r'^login/', views.Login.as_view(), name='login'), url(r'^order/$', views.order, name='order'),
url(r'^order/add/', views.addorder, name='addorder'),
url(r'^order/edit/(\d+)', views.editorder, name='editorder'),
url(r'^order/delete/(\d+)', views.deleteorder, name='deleteorder'), url(r'^customer/$', views.customer, name='customer'),
url(r'^customer/add/', views.addcustomer, name='addcustomer'),
url(r'^customer/edit/(\d+)', views.editcustomer, name='editcustomer'),
url(r'^customer/delete/(\d+)', views.deletecustomer, name='deletecustomer'), ]
urls.py
form.py(自定义form组件)
from app01 import models
from django import forms
from django.core.exceptions import ValidationError #注册form
class RegisterForm(forms.Form):
name = forms.CharField(label='用户名',max_length=12, min_length=8,required=True,
error_messages={
'max_length':'用户名不能多于12个字符',
'min_length':'用户名不能少于8个字符!',
'required':'用户名不能为空!',
},# widget=forms.TextInput(attrs={'type':'text','class':'form-control'}) ) password=forms.CharField(label='密码',max_length=8,min_length=6required=True,
error_messages={
'max_length': '密码不能多于8个字符',
'min_length': '密码不能少于6个字符!',
'required': '密码不能为空!',
},
widget=forms.PasswordInput(attrs={},render_value=True) )
r_password = forms.CharField( label='确认密码', max_length=8, min_length=6, required=True,
error_messages={
'max_length': '密码不能多于8个字符',
'min_length': '密码不能少于6个字符!',
'required': '密码不能为空!',
}, widget=forms.PasswordInput(attrs={},render_value=True) )
def clean_name(self):
if models.UserInfo.objects.filter(username=self.cleaned_data.get('name')):
raise ValidationError('当前用户已存在!')
else:
return self.cleaned_data.get('name')
def clean(self):
pwd=self.cleaned_data.get('password')
r_ped=self.cleaned_data.get('r_password')
if pwd!=r_ped:
self.add_error('r_password','两次密码输入不一致!')
else:
return self.cleaned_data
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
for field in self.fields.values():
field.widget.attrs.update({'class': 'form-control'}) #登录modelform
class LoginModelForm(forms.ModelForm):
class Meta:
model=models.UserInfo
fields=['username','password']
labels={ 'username':'用户名','password':'密码'}
error_messages={'username':{'required':'用户名不能为空!'},
'password':{'required':'密码不能为空!'},},
widgets={'password':forms.PasswordInput(),}
def __init__(self,*args,**kwargs):
super().__init__(*args,**kwargs)
for field in self.fields:
self.fields[field].widget.attrs.update({'class': 'form-control'})
form.py
views.py
from django.shortcuts import render,HttpResponse
from django.views import View
from app01.form import RegisterForm,LoginModelForm
from django.contrib import auth
from app01.models import UserInfo,Permission # Create your views here. class Register(View):
def get(self,request):
register_formobj=RegisterForm()
return render(request,'register.html',{'register_formobj':register_formobj,})
def post(self,request):
register_obj=RegisterForm(request.POST)
if register_obj.is_valid():
print(register_obj.cleaned_data)
name=register_obj.cleaned_data.get('name')
pwd=register_obj.cleaned_data.get('password')
user_obj=UserInfo.objects.create_user(username=name,password=pwd)
return HttpResponse('ok')
else:
return render(request,'register.html',{'register_formobj':register_obj,})
class Login(View):
def get(self,request):
login_formobj=LoginModelForm()
return render(request,'login.html',{'login_formobj':login_formobj})
def post(self,request):
print(request.POST)
user_obj = auth.authenticate(username=request.POST.get('username'),password=request.POST.get('password'))
if user_obj:
auth.login(request, user_obj)
permission_url_list=[i.url for i in Permission.objects.filter(role__userinfo__pk=request.user.pk)]
request.session['permission']=permission_url_list
return HttpResponse('login successed!')
else:
return HttpResponse('login failed!') def order(request):
return HttpResponse('order...')
def addorder(request):
return HttpResponse('addorder...')
def editorder(request,pk):
return HttpResponse('editorder...')
def deleteorder(request,pk):
return HttpResponse('deleteorder...') def customer(request):
return HttpResponse('customer...')
def addcustomer(request):
return HttpResponse('addcustomer...')
def editcustomer(request,pk):
return HttpResponse('editcustomer...')
def deletecustomer(request,pk):
return HttpResponse('deletecustomer...')
views.py
Templates
register.html
{% load static %}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="{% static 'bootstrap-3.3.7-dist/css/bootstrap.min.css' %}">
<title>注册</title>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-xs-4 col-xs-offset-4">
<form action="" method="post" novalidate>
{% for field in register_formobj %}
<div class="form-group">
<label for="{{ field.id_for_label }}">{{ field.label }}</label>
{{ field }}
<span class="text-danger">{{ field.errors.0 }}</span>
</div>
{% endfor %}
{% csrf_token %}
<input type="submit" class="btn btn-primary pull-right" value="注册">
</form>
</div>
</div>
</div>
</body>
<script src="{% static 'jquery-3.4.1.js' %}"></script>
<script src="{% static 'jquery-cookie-1.4.1.js' %}"></script>
<script src="{% static 'bootstrap-3.3.7-dist/js/bootstrap.min.js' %}"></script>
</html>
register.html
login.html
{% load static %}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="{% static 'bootstrap-3.3.7-dist/css/bootstrap.min.css' %}">
<title>login</title>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-xs-4 col-xs-offset-4">
<form action="" method="post" novalidate>
{% for field in login_formobj %}
<div class="form-group">
<label for="{{ field.id_for_label }}">{{ field.label }}</label>
{{ field }}
<span class="text-danger">{{ field.errors.0 }}</span>
</div>
{% endfor %}
{% csrf_token %}
<input type="submit" class="btn btn-primary pull-right" value="登录">
</form>
</div>
</div>
</div>
</body>
<script src="{% static 'jquery-3.4.1.js' %}"></script>
<script src="{% static 'bootstrap-3.3.7-dist/js/bootstrap.min.js' %}"></script>
</html>
login.html
最新文章
- 新手学习web遇到的一些乱码问题
- Chp11 11.7
- redmine中创建项目与跟踪标签(原创)
- PHP的学习--cookie和session
- HAProxy 实践(一)
- android_permission权限大全
- Linux常用命令_(文件操作)
- IOS笔记 1
- c# 根据窗口截图,合并图片
- [Javascript]3. Improve you speed! Performance Tips
- 浅谈UE4引擎
- 演示如何通过 web api 上传文件MVC40
- List<KeyValuePair<TKey,TValue>> 与 Dictionary<TKey,TValue> 不同
- Requests抓取有道翻译结果
- evak购物车-课程设计(201521123034陈凯欣)
- Opencv在mac系统的安装与试用
- ●POJ poj 2112 Optimal Milking
- 我所不知道的Makefile语法
- 关于python列表和元组的基本操作
- 【Java每日一题】20170214