#!/usr/bin/env python
# -*- coding: utf-8 -*-
from django.core.urlresolvers import reverse
from django.http import HttpResponseRedirect, HttpResponse
from django.shortcuts import render
from django.contrib.auth.decorators import login_required
from accounts.forms import PermissionListForm
from accounts.models import UserInfo, RoleList, PermissionList
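def permission_verify():
    """Build a view decorator that enforces role-based URL permissions.

    Superusers (``is_superuser`` is true) pass unconditionally. Any other
    user must have a role, and that role must hold at least one permission
    whose ``url`` either equals ``request.path`` (with or without the trailing
    slash) or is a prefix of it that ends on a ``/`` boundary. Everyone else
    is redirected to the ``permission_deny`` view.

    The wrapper looks the user up in ``UserInfo`` by username and does not
    handle a failed lookup, so it is meant to sit inside ``login_required``,
    which is how the views in this file apply it.
    """
    from functools import wraps

    def decorator(view_func):
        @wraps(view_func)  # keep the view's name/docstring for debugging and URL introspection
        def _wrapped_view(request, *args, **kwargs):
            iUser = UserInfo.objects.get(username=request.user)

            # Superusers hold every permission.
            if iUser.is_superuser:
                return view_func(request, *args, **kwargs)

            # A user without a role has no permissions at all.
            if not iUser.role:
                return HttpResponseRedirect(reverse('permission_deny'))

            try:
                role_permission = RoleList.objects.get(name=iUser.role)
            except RoleList.DoesNotExist:
                # Fail closed: a role name with no matching row grants nothing.
                return HttpResponseRedirect(reverse('permission_deny'))

            path = request.path
            matchUrl = []
            for x in role_permission.permission.all():
                granted = x.url
                if not granted:
                    # An empty url must never grant access: str.startswith('')
                    # is true for every path, so a blank row would otherwise
                    # authorize the whole site.
                    continue

                # Exact match, tolerating a trailing slash on the request.
                if path == granted or path.rstrip('/') == granted:
                    matchUrl.append(granted)
                    continue

                # Prefix match, anchored on a path-segment boundary so that a
                # grant for "/accounts/user" covers "/accounts/user/edit/" but
                # not the unrelated "/accounts/user_delete/".
                prefix = granted if granted.endswith('/') else granted + '/'
                if path.startswith(prefix):
                    matchUrl.append(granted)

            print('{}---->matchUrl:{}'.format(request.user, str(matchUrl)))
            if not matchUrl:
                return HttpResponseRedirect(reverse('permission_deny'))
            return view_func(request, *args, **kwargs)
        return _wrapped_view
    return decorator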
@login_required
def permission_deny(request):
    """Render the "permission denied" page for a logged-in user.

    This is the redirect target used by ``permission_verify``; it only
    requires authentication, not any specific permission.
    """
    context = dict(temp_name="main-header.html", request=request)
    return render(request, 'accounts/permission_deny.html', context)
@login_required
@permission_verify()
def permission_add(request):
    """Create a permission entry from a submitted ``PermissionListForm``.

    A valid POST saves the form and redirects to ``permission_list``. A GET,
    or a POST that fails validation, renders the add page with the (possibly
    error-carrying) form.
    """
    submitted = request.method == "POST"
    form = PermissionListForm(request.POST) if submitted else PermissionListForm()

    # Only a bound form is validated; an unbound one goes straight to render.
    if submitted and form.is_valid():
        form.save()
        return HttpResponseRedirect(reverse('permission_list'))

    context = {
        'temp_name': "accounts/accounts-header.html",
        'form': form,
        'request': request,
    }
    return render(request, 'accounts/permission_add.html', context)
@login_required
@permission_verify()
def permission_list(request):
    """Render the page listing every ``PermissionList`` row."""
    # The context is spelled out with the same three names the function's
    # local namespace held, so the template sees exactly what it saw before
    # and a local added later cannot leak into the template by accident.
    context = {
        'request': request,
        'all_permission': PermissionList.objects.all(),
        'temp_name': "accounts/accounts-header.html",
    }
    return render(request, 'accounts/permission_list.html', context)
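@login_required
@permission_verify()
def permission_edit(request, ids):
    """Edit the ``PermissionList`` row whose primary key is ``ids``.

    A valid POST saves the change and redirects to ``permission_list``. A
    GET, or a POST that fails validation, renders the edit page with the
    form bound to the existing row. An id that matches no row yields a 404
    response instead of an unhandled ``DoesNotExist`` (a 500, and a full
    traceback page when DEBUG is on).
    """
    from django.shortcuts import get_object_or_404

    temp_name = "accounts/accounts-header.html"
    iPermission = get_object_or_404(PermissionList, id=ids)
    if request.method == "POST":
        form = PermissionListForm(request.POST, instance=iPermission)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(reverse('permission_list'))
    else:
        form = PermissionListForm(instance=iPermission)
    kwvars = {
        'temp_name': temp_name,
        'ids': ids,
        'form': form,
        'request': request,
    }
    return render(request, 'accounts/permission_edit.html', kwvars)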
@login_required
@permission_verify()
def permission_del(request, ids):
    """Delete the ``PermissionList`` row with primary key ``ids``, then
    redirect to ``permission_list``.

    A non-matching id deletes nothing and still redirects.
    """
    # NOTE(review): the delete runs for every HTTP method, GET included.
    # Django's CSRF middleware only checks unsafe methods, so a GET-triggered
    # delete is not covered by the CSRF token. Restricting this view to POST
    # (and switching the template's delete link to a form) would close that
    # gap - confirm against the template before changing it.
    doomed = PermissionList.objects.filter(id=ids)
    doomed.delete()
    list_url = reverse('permission_list')
    return HttpResponseRedirect(list_url)
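@login_required
def get_user_permission(request):
    """Return the current user's permission names as one comma-separated
    string in the response body.

    The names come from the permissions attached to the user's role. When
    no ``RoleList`` row matches the user's role the body is empty, which is
    what the previous implementation effectively returned: its "Role list is
    empty" message was overwritten before it could be sent.
    """
    iUser = UserInfo.objects.get(username=request.user)
    try:
        role_permission = RoleList.objects.get(name=iUser.role)
    except RoleList.DoesNotExist:
        # No role row means no permissions; report that as an empty list.
        return HttpResponse("")

    # Names are joined as text. The earlier ``encode('ascii')`` raised on the
    # first non-ASCII name, and the bare ``except`` then silently truncated
    # the list (on Python 3 the bytes could not be joined at all).
    names = [p.name for p in role_permission.permission.all()]

    # NOTE(review): the body is stored data served with the default HTML
    # content type; consider content_type="text/plain" if no client relies
    # on the current type.
    return HttpResponse(",".join(names))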