model
from django.db import models
# Create your models here.
class User(models.Model):
name=models.CharField(max_length=32)
pwd=models.CharField(max_length=32)
roles=models.ManyToManyField(to="Role")
def __str__(self): return self.name
class Meta:
verbose_name_plural = "用户表"
class Role(models.Model):
title=models.CharField(max_length=32)
permissions=models.ManyToManyField(to="Permission")
def __str__(self): return self.title
class Meta:
verbose_name_plural = "角色表"
class Permission(models.Model):
title=models.CharField(max_length=32)
url=models.CharField(max_length=32)
class Meta:
verbose_name_plural = "权限表"
def __str__(self):return self.title
URL
from django.contrib import admin
from django.urls import path
from myapp import views
urlpatterns= [
path('admin/', admin.site.urls),
path('login/', views.login),
path('user/', views.users),
path('role/', views.roles),
path('user/add/', views.add_user),
]
viwes
from django.shortcuts import render,HttpResponse
# Create your views here.
from webauth import models
def login(request):
if request.method == "POST":
name=request.POST.get("user")
pwd = request.POST.get("pwd")
print(name,pwd)
user_obj=models.User.objects.filter(name=name,pwd=pwd).first()
if user_obj:
# 查询登录成的所有用户权限
# 查询当前登录用户的所有角色
ret=user_obj.roles.all()
print(ret) # <QuerySet [<Role: ceo>, <Role: 保安部>]>
############################### 在session中注册用户ID######################
bb=request.session["user_id"] = user_obj.pk
print(bb,"session存储值")
ret1 = user_obj.roles.values("permissions__url")
print(ret1,"11111")
# < QuerySet[ {'permissions__url': 'user/add/'}, {'permissions__url': '/user/'}, {'permissions__url': '/role/'}, {'permissions__url': '/user/'}] > 11111
ret11 = user_obj.roles.all().values("title")
print(ret11,"22222") # < QuerySet[{'title': 'ceo'}, {'title': '保安部'}] > 22222
ret12= user_obj.roles.values("title")
print(ret12,"333333") # < QuerySet[{'title': 'ceo'}, {'title': '保安部'}] > 333333
ret3 = user_obj.roles.values("permissions__url").distinct()
print(ret3)
li_list=[]
for items in ret3:
li_list.append(items["permissions__url"])
print(li_list,"访问权限_________________________")
# ['/user/add/', '/user/', '/role/', '/user/dels/(\\d+)/', '/user/edit/(\\d+)/']
###############################在session注册权限列表##############################
aa=request.session["li_list"] = li_list
print(aa,"权限保存在session中哈哈哈")
# ['/user/add/', '/user/', '/role/', '/user/dels/(\\d+)/', '/user/edit/(\\d+)/']
return HttpResponse("ok")
return render(request,"01login.html")
# 用户
def users(request):
user_list=models.User.objects.all()
return render(request,"users.html",locals())
import re
# 添加
def add_user(request):
add_list=request.session["li_list"]
# 在session中获取权限 在做校验
print(add_list,"#在session中获取权限 在做校验")
# ['/user/add/', '/user/', '/role/', '/user/dels/(\\d+)/', '/user/edit/(\\d+)/']
path_info=request.path_info # / user / add /
print(path_info)
flag=False
for add_li in add_list:
re_li="^%s$"%add_li
ret=re.match(re_li,path_info)
if ret:
flag=True
break
if not flag:
return HttpResponse("没有访问权限")
return HttpResponse("add user.....")
# 角色
def roles(request):
add_list=request.session["li_list"]
# 在session中获取权限 在做校验
print(add_list,"#在session中获取权限 在做校验")
# ['/user/add/', '/user/', '/role/', '/user/dels/(\\d+)/', '/user/edit/(\\d+)/']
path_info=request.path_info # / user / add /
print(path_info)
flag=False
for add_li in add_list:
re_li="^%s$"%add_li
ret=re.match(re_li,path_info)
if ret:
flag=True
break
if not flag:
return HttpResponse("没有访问权限")
role_list=models.Role.objects.all()
return render(request,"roles.html",locals())