对于Django而言,虽然自带了一些基本的通用权限限制,但现实中,可能我们更希望自己去定义业务权限划分
Django对于权限这块的部分验证方法
1 user = request.user 2 user.is_superuser #是否是超级管理员 3 user.s_anonymous() #是否匿名用户,及未登录用户 4 user.groups.select_related() #获取用户对应的组角色对象, 5 #当获取到group后,通过group.name获取组名,
下面是一段完整的权限控制例子
1 #!/usr/bin/env python 2 # encoding:utf8 3 4 from django.core.urlresolvers import resolve 5 from django.shortcuts import render 6 7 8 # 定义角色权限 9 roles = { 10 'consultant': ['Customer', 'ConsultRecord'], 11 'teachers': ['Course', 'ClassList', 'CourseRecord', 'StudyRecord'], 12 'students': ['StudyRecord'], 13 } 14 # 权限映射 15 permission_map = { 16 'view_home': ['index', 'GET', []], # 展示对应对可操作对象 17 'view_object': ['admin_controller', 'GET', ['show']], # 查看具体对象对数据信息 18 'edit_object': ['admin_controller', 'POST', ['show', 'id']], # 具有编辑该对象对权限 19 'add_object_view': ['admin_controller', 'GET', ['add']], # 进入添加页面,但不表示可以进行修改,该权限用于对表格显示字段过长,显示不全,可以进入该页面查看 20 'add_object': ['admin_controller', 'POST', ['add']], # 具有添加该对象对权限 21 'delete_object': ['admin_controller', 'POST', ['show', 'data']], # 具有删除该对象对权限 22 } 23 24 25 def check_process(*args, **kwargs): 26 request = args[0] 27 user = request.user 28 if user.is_superuser: 29 return True 30 resolver_match_obj = resolve(request.path) 31 url_name = resolver_match_obj.url_name 32 args = list(resolver_match_obj.args) 33 args.extend(request.GET) 34 args.extend(request.POST) 35 print('begin checking permission ', resolver_match_obj) 36 if url_name: 37 is_match = False 38 match_perm = None 39 for permission in permission_map: 40 permission_action = permission_map[permission] # 获取url对应的权限动作 41 print('----------------url action: ', permission_action) 42 if len(permission_action) == 3: # 为保障下面语句执行不为语法而被破坏,加上该条件,强制性判断,否则放行 43 define_url_name, define_request_method, define_others = permission_action 44 if url_name == define_url_name: 45 print("match url name: ", define_url_name) 46 if request.method == define_request_method: 47 print("match method: ", define_request_method) 48 if define_others: # 如果定义了具体参数匹配,则继续匹配参数 49 print("check others: ", permission, define_others) 50 for arg in define_others: 51 if hasattr(request, str(define_request_method)): 52 request_method = getattr(request, str(define_request_method)) # 获取对应的请求方法对象 53 if hasattr(request_method, arg) or arg in args: # 如果能匹配参数,则标记匹配 54 is_match = True 55 print("others match: ", arg) 56 else: 57 print("others not match: ", arg) 58 is_match = False 59 if is_match: 60 print("others match done: ", permission, permission_action) 61 match_perm = permission 62 break 63 else: 64 is_match = True 65 match_perm = permission 66 print("url check done ...", permission, permission_action) 67 break 68 else: 69 print('please check the define rules, maybe has some problem') 70 return True # 如果定义的动作不完整,为避免新增权限的缺陷影响业务,这种错误应该放行处理 71 else: 72 return True # 如果没有找到对应的url name则放行处理 73 74 if is_match: 75 print("begin check user permission ...") 76 if user.is_anonymous(): 77 print("user has not login ...") 78 return True # 如果用户是匿名,说明该页面可能不需要权限控制,放行处理,假如该view需要登录认证,那么再次权限处理时,不会在此处理 79 elif user.has_perm('%s.%s' % (__package__, match_perm)): 80 groups = user.groups.select_related() 81 model_list = [] 82 for group in groups: 83 if group.name in roles: 84 model_list.extend(roles[group.name]) 85 if args and len(args) > 1: # 如果URL获取到参数,则对参数进行比较 86 access_model = args[0] 87 if access_model not in model_list: # 该操作主要拦截,直接使用URL方式而非超链接,尝试指定不同model访问其它数据 88 return False 89 return True 90 return model_list if model_list else True # 如果model_list为空,且该用户还有权限,那么只有超级用户才有这种特权了 91 return False 92 93 94 def decorator(func): 95 def wrapper(*args, **kwargs): 96 check_result = check_process(*args, **kwargs) 97 if not check_result: 98 render_respond = render(args[0], '403.html') 99 render_respond.status_code = 403 # 修改头部信息状态码 100 print("permission refused ...") 101 return render_respond 102 if type(check_result) is list: # 该参数仅在本次view中可能有用,所以在return时需要尝试捕获,如果出错,则尝试移除该key,再返回,再有其它错误,就可以排除是该权限控制产生的了 103 kwargs['model_list'] = check_result 104 print('permission check passed...') 105 try: 106 return func(*args, **kwargs) 107 except TypeError: 108 kwargs.pop('model_list') 109 return func(*args, **kwargs) 110 return wrapper
本站文章如无特殊说明,均为本站原创,如若转载,请注明出处:Django 权限管理 - Python技术站