rbac核心代码

笑着哭i 提交于 2019-11-28 01:45:33

最初版本

from django.db import models

# Create your models here.


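# User table
class UserInfo(models.Model):
    """Application user account; `roles` links the user to Role rows (many-to-many)."""
    nid = models.AutoField(primary_key=True)
    # NOTE(review): username is not declared unique, and the login view on this
    # page picks the first matching row - confirm duplicates cannot be created.
    username = models.CharField(max_length=32)
    # Widened from 32 to 128 characters (needs a schema migration) so the column
    # can hold a salted password hash, e.g. the output of
    # django.contrib.auth.hashers.make_password(). A 32-character column only
    # fits a raw password or an unsalted digest; the login view on this page
    # compares this column with the submitted password as plaintext.
    password = models.CharField(max_length=128)
    roles = models.ManyToManyField(to="Role")

    def __str__(self):
        """Return the username as the display name."""
        return self.username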


# Role table
class Role(models.Model):
    """A named role; users get their permissions only through the roles they hold."""
    nid = models.AutoField(primary_key=True)
    title = models.CharField(max_length=32)
    # Every user holding this role is granted all of these permissions
    # (see init_permission, which collects permissions__url across a user's roles).
    permissions = models.ManyToManyField(to="Permission")

    def __str__(self):
        """Return the role title as the display name."""
        return self.title


# Permission table
class Permission(models.Model):
    """A single permission: a display title plus the URL pattern it grants."""
    nid = models.AutoField(primary_key=True)
    title = models.CharField(max_length=32)
    # The ValidPermission middleware on this page matches this value against the
    # request path as a regular expression, not as a literal string. Whoever can
    # write this column therefore controls which paths are authorised: an overly
    # broad pattern (for example ".*") grants every path, and literal characters
    # such as "." need escaping.
    url = models.CharField(max_length=64)

    def __str__(self):
        """Return the permission title as the display name."""
        return self.title
模型

 

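class ValidPermission(MiddlewareMixin):
    """Session-based RBAC gate applied to every request.

    A request passes when its path is on the public allow-list, or when the
    session holds a user id and one of the permission patterns stored in the
    session at login matches the path.

    The permission list is read from the session, not from the database, so a
    role or permission change only takes effect once the session's list is
    rebuilt (on this page that happens in init_permission at login).
    """

    def process_request(self, request):
        """Return None to let the request continue, or a response that stops it."""
        # Path requested by the client.
        current_path = request.path_info
        # Allow-list of paths reachable without login or permissions.
        # Each pattern must match the WHOLE path. With an unanchored re.search()
        # any path that merely contained "/login/", "/reg/" or "/admin/" would
        # skip both the login check and the permission check below.
        vail_list = ['/login/', '/reg/', '/admin/.*']
        for url in vail_list:
            if re.fullmatch(url, current_path):
                return None
        # Login check.
        user_id = request.session.get("user_id")
        if not user_id:
            return redirect("/login/")

        # Permission check against the patterns cached in the session.
        permission_list = request.session.get("permission_list", [])
        for permission in permission_list:
            # A role without permissions can contribute an empty/None entry.
            if not permission:
                continue
            # fullmatch() anchors the entire pattern; formatting it into
            # '^{}$' anchors only the outer alternatives when the stored
            # pattern contains '|', and '$' also accepts a trailing newline.
            if re.fullmatch(permission, current_path):
                return None
        # Deny by default, with a status code that clients, logs and monitoring
        # can tell apart from a successful page.
        return HttpResponse("没有权限", status=403)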
中间件

 

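def init_permission(user_obj, request):
    """Cache the user's permitted URL patterns in the session.

    Collects the distinct ``permissions__url`` values across all roles of
    ``user_obj`` and stores them under ``request.session["permission_list"]``.
    The list is a snapshot: it is not refreshed when roles or permissions
    change later, only when this function runs again.
    """
    # One row per (role, permission) join, de-duplicated by URL.
    rows = user_obj.roles.all().values("permissions__url").distinct()
    # A role that has no permissions yields a row whose URL is None; such an
    # entry is not a pattern and must not reach the permission check.
    permission_list = [
        row['permissions__url'] for row in rows if row['permissions__url']
    ]
    # Register the permission list in the session.
    request.session["permission_list"] = permission_list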
登录中间件

 

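# Log in
def login(request):
    """Authenticate a POSTed username/password and start a session.

    On success the user's primary key and permission list are stored in the
    session and a plain success response is returned; in every other case
    (GET, missing fields, no matching user) the login page is rendered.
    """
    if request.method == "POST":
        user = request.POST.get("username")
        pwd = request.POST.get("password")
        user_obj = None
        # Do not query with missing credentials.
        if user and pwd:
            # NOTE(review): this compares the submitted password with the stored
            # column as plaintext. Passwords should be stored hashed
            # (django.contrib.auth.hashers.make_password) and verified with
            # check_password(); that change has to be made together with the
            # model and the stored data, so it is only flagged here.
            user_obj = models.UserInfo.objects.filter(username=user, password=pwd).first()
        if user_obj:
            # Issue a new session key before the session becomes authenticated,
            # so a session id that was known before login is not carried over
            # (session fixation). Existing session data is kept.
            request.session.cycle_key()
            # Register the user in the session.
            request.session["user_id"] = user_obj.pk
            # Load the permission list for this user into the session.
            init_permission(user_obj, request)
            return HttpResponse("登录成功")
    return render(request, "login.html")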


# Show user information
def show_user(request):
    """Render show_user.html with all users, the session's permission list and
    the logged-in user's own record.

    No login or permission check is done here; the view relies on the
    ValidPermission middleware being installed in front of it.
    """
    session = request.session
    current_user = models.UserInfo.objects.filter(nid=session.get("user_id")).first()
    context = {
        "user_list": models.UserInfo.objects.all(),
        "permission_list": session.get("permission_list", []),
        "user_obj": current_user,
    }
    return render(request, "show_user.html", context)


# Add user
def add_user(request):
    """Placeholder view: returns a fixed response and creates nothing.

    The login and permission checks that used to live here are left to the
    middleware; the view itself performs none.
    """
    response = HttpResponse("增加用户")
    return response


# Edit user
def change_user(request, id):
    """Placeholder view: echo the user id taken from the URL.

    Access control is left to the middleware; nothing is checked here.
    """
    body = "编辑用户{}".format(id)
    return HttpResponse(body)


# Delete user
def delete_user(request, id):
    """Placeholder view: echo the user id taken from the URL; nothing is deleted.

    NOTE(review): the view does not look at request.method, and the role-list
    template on this page links to /users/delete/ with a plain anchor (GET).
    A real delete should accept POST only so that CSRF protection applies.
    """
    body = "删除用户{}".format(id)
    return HttpResponse(body)


# Show role information
def show_role(request):
    """Render show_role.html with every role and the logged-in user's record.

    No login or permission check is done here; the view relies on the
    ValidPermission middleware being installed in front of it.
    """
    current_user = models.UserInfo.objects.filter(
        nid=request.session.get("user_id")
    ).first()
    context = {
        "role_list": models.Role.objects.all(),
        "user_obj": current_user,
    }
    return render(request, "show_role.html", context)


# Edit role
def change_role(request, id):
    """Placeholder view: print the role id from the URL and return a fixed response.

    Access control is left to the middleware; nothing is checked here.
    """
    print(id)
    response = HttpResponse("编辑角色")
    return response
视图

 

{% extends 'base.html' %}
{% block main-page %}
    {# Role list: one table row per Role in role_list, with its users and permission titles. #}
    <div class="container">
        <div class="row form-list">

            <div class="col-md-10 col-md-offset-1">
                <div class="panel panel-primary">
                    <!-- Default panel contents -->
                    <div class="panel-heading">角色列表</div>
                    <div class="panel-body">
                        <a href="" class="btn btn-primary">添加角色</a>
                    </div>
                    <!--表开始-->
                    <table class="table table-bordered table-striped">
                        <thead>
                        <tr>
                            <th>序号</th>
                            <th>职称</th>
                            <th>人员</th>
                            <th>权限</th>
                            <th>操作</th>
                        </tr>
                        </thead>
                        <tbody>
                        {% for role in role_list %}
                            <tr>
                                <th>{{ forloop.counter }}</th>
                                <th>{{ role.title }}</th>
                                <th>
                                    {# Users holding this role (reverse side of UserInfo.roles). #}
                                    {% for user in role.userinfo_set.all %}
                                        {{ user.username}}
                                    {% endfor %}
                                    
                                </th>
                                <th>
                                    {% for permission in role.permissions.all %}
                                        {{ permission.title }}
                                    {% endfor %}
                                </th>
                                <th>

                                    {# NOTE(review): `user` is the loop variable of the users column above and is out of scope here, so user.pk does not name a listed user. #}
                                    {# NOTE(review): these links sit on a role row but point at /users/ routes - confirm the intended target and key (role.pk?). #}
                                    {# NOTE(review): the delete action is a plain GET link; a state-changing action should be a POST form carrying a CSRF token. #}
                                    <a href="/users/change/{{ user.pk }}/" class="btn btn-info">编辑</a>
                                    <a href="/users/delete/{{ user.pk }}/" class="btn btn-danger">删除</a>
                                </th>
                            </tr>
                        {% endfor %}
                        </tbody>
                    </table>
                    <!--表结束-->
                </div>
            </div>
        </div>
    </div>
{% endblock %}
模板

 
