rbac role-based access control (8 scene reproduction)

First question is to be thrown in the code what the world is authority?

url on behalf of the authority

How to achieve access control?

The following details the control flow

Simple Access Control 1.1 - Table Structure

简单权限控制,三个model,五张表

Permissions table permission

url permission url address regular expression ^ $
title title

Roles table role

name Role Name
permissions-many association permission table

User table user

username username
password password
roles of both multi-role association

Relational tables roles and permissions

Relational tables for users and roles

1.2 a Menu - Table Structure

一级菜单: 在permission表中增加is_menu字段,区别该权限是否是菜单

Permissions table

url permission url address regular expression ^ $
title title
Whether is_menu the menu
icon icon

1.3 Secondary Menu - Table Structure

二级菜单: 实现二级菜单功能时,需要增加第六张表menu,在权限表中加入外键,关联menu表,有menu_id 当前的权限是二级菜单没有menu_id 当前的权限是普通的权限

Table menu

Name a menu title
icon icon

Permissions table

url permission url address regular expression ^ $
title title
the foreign key menu menu table has two current permissions menu_id menu is currently no authority menu_id ordinary authority

1.4 of a second menu Menu sort - table structure

要对一级菜单排序,在menu中加入weight权重字段

Table menu

Name a menu title
icon icon
weight integer

1.5 Non-menu ownership rights

权限归属,在menu表中加入parent外键,自关联权限表, 有parent_id当前的权限是子权限, 没有parent_id 当前的权限是父权限 ,即二级菜单

Permissions table

url permission url address regular expression ^ $
title title
Foreign key menu - the menu associated with the current table has permission menu_id secondary menu is currently no authority menu_id ordinary authority
parent foreign key - associated authority table - autocorrelation, there is a sub-current permissions parent_id permission rights are not currently parent_id permission two parent menu

--Table Structure:

menu menu table
- title title
- icon icon
- weight Permissions
permission rights table
- url rights, url path, the regular expression ^ $
- title title
- name url alias, the only
- menu foreign key - associated menu list, blank = True, null = True, (using two menu)
  - There is menu_id, the current permissions are secondary menu,
  - No menu_id current permissions are common permissions
- parent self-association (non-vested rights to use the menu)
  - There is menu_id child rights
  - Parent permission is not parent_id
- is_menu Boolean value, a menu used
- icon, a menu used
role role table
- name name of the role,
- permission-many association permission table
user user table
- username username
- password password
Table role_permission roles and permissions
Table user_role users and roles

- a data structure (process technology point +)

1. Simple access control

After the successful landing rights information stored in the session
- Permissions data structure
```
permission_list = [{url},]
```
Middleware -

-(校验成功,return None,校验失败继续执行)
- Get url path of the current access
- Whitelist check
- Check the login status
- Free certified address verification
- Check permissions
  - Obtain permission from the sission
  - Cycling privileges, the regular match
template
- Master and inheritance

2. dynamically generate a menu

Log user right to successfully saved in sission
- Permissions data structure
```
permission_list=[{url},]
```
- Menu data structure
```
menu_list=[{url:,title:,icon:,},]
```
Middleware

校验成功,return None,校验失败继续执行
- Get url path of the current access
- Whitelist check
- Login status check
- Free certification path validation
- Check permissions
  - Obtain permission from the session
  - Cycling privileges, the regular match
Master
- inclusion_tag
- Generating a dynamic menu
  - Defined inclusion_tag
  - yi had for circulation men_list, generates a menu

3. The two dynamically generated menu

After a successful login session to save user rights

Permissions list data structure
```
permission_list ={{url:,},}
```

Menu dictionary data structure

menu_dict={一级菜单ID:{
    title:
    icon:
    children:[{
        url:
        title:
    },]
},}

Middleware
- Get url path of the current access
- Whitelist check
- Login status check
- Free certification path validation
- Check permissions
  - Obtain permission from the session
  - Cycling privileges, the regular match
template
- Templates and inheritance
- Two dynamically generated menu
  - Custom inclusion_tag
  - Two for loops to menu_dict.values ()

4. The two dynamically generated menu (a menu ordering)

Permissions list data structure
```
permission_list= [{url},]
```

Menu dictionary data structure

menu_dict = {一级菜单的id:{
    title:
    icon:
    weight:
    children:[{
        url:
        title:
    },]
},}

Middleware
- Middleware
  - Get url path of the current access
  - Whitelist check
  - Login status check
  - Free certification path validation
  - Check permissions
    - Obtain permission from the session
    - Cycling privileges, the regular match
template
- Master and inheritance
- Generating a second-level menu and the menu ordering
  - Custom inclusion_tag
  - menu_diact dictionary sort of sorted, added to the ordered dictionary od
  - Two for loop, return ordered dictionary od.values (),

The two dynamically generated menu (second menu is selected by default, expand)

After a successful login session to save user rights

Permissions list data structure
```
permission_list =  [{url}]
```

Menu dictionary data structure

menu_dict= {一级菜单id:{
    title:
    icon:
    weight:
    children:[{
        url:
        title:
    },]
},}

Middleware
- Get url address of the current access path
- Whitelist check
- Log in state inspection
- Authentication-free address check
- Check permissions
  - Obtain permission from the session
  - Cycling privileges, the regular match
template
- Master and inheritance
- Two dynamically generated menu, and sorting, expand
  - Custom inclusion_tag
  - Gets the current url
  - menu_diact dictionary sort of sorted, added to the ordered dictionary od
  - Circulating a menu added class = 'hide'
  - Cyclic secondary menu, regular matching url, if the matching is successful
    - Secondary menu plus class = 'active'
    - A menu class = ''
  - Two for loop, return ordered dictionary od.values ()

6. two dynamically generated menus (non-permission home menu, select two sub-menu expanded rights)

After a successful login session to save user rights

Permissions list data structure

permission_list = [{
    url:
    id:
    pid:
},]

Menu dictionary data structure

menu_dict = {一级菜单id:{
    title:
    icon:
    weight:
    children:[{
        url:
        title:
        id:
    },]
},}

Middleware
- Get url path of the current access
- Whitelist check
- = None request.current_menu_id --- Free authentication when accessing the index address, to ensure that all secondary menu closed
- Check the login status
- Free certified check
- Check permissions
  - Obtain permission from sission canceled in
  - Cycling privileges, the regular match
  - Get Permissions list id and pid
    - When pid is not present, the current permission is a secondary menu, the request id to the package, id = request.current_menu_id the --current Current -
    - When pid is present, the current permission is a secondary menu, the pid id package, i.e., the headset menu to requst, request.current_menu_id = pid
template
- Master and inheritance
- Generate a secondary menu, select the secondary menu expand child rights
  - Custom inclussion_tag
  - Gets the current url
  - sorted sort of menu level, added to the ordered dictionary od
  - Circulating a menu added class = 'hide'
  - Cyclic secondary menu, the menu is determined request.current_menu_id the two are equal in the id
    - The two menu was added to equal class = 'active', remove the hide a menu class, class = ''
  - Two for loops to return od.values ()

7. Path navigation

Log user right to successfully saved in sission

Permissions dictionary data structure

permission_dict ={权限id:{   # 可以根据子权限的pid获取父权限的字典
    url:,
    id:,
    pid:,
    title:,
    },}

Menu dictionary data structure

menu_dict = {一级菜单id:{
    title:
    icon:
    weight:
    children:[{
        url:
        title:
        id:
    },]
},}

Middleware
- Get url path of the current access
- Whitelist check
- = None request.current_menu_id --- Free authentication when accessing the index address, to ensure that all secondary menu closed
- request.breadcrumb_list = [{ 'title': 'Home', 'url': '/ index /'},] --- Free add authentication information to the navigation route
- Login status check
- Authentication-free address check
- Check permissions
  - Obtain permission from the sission
  - Cycling privileges permissions_dict.vlaues, regular match
  - Get id and pid
    - If pid is a secondary menu does not exist,
      - request.current_menu_id = id
      - Encapsulating the two menu information --request.breadcurmb_list.append ({ 'title': i [ 'title'], 'url': i [ 'url']})
    - If pid exist, a child rights
      - Parent permission p_permissions = permissions_dict [str ( 'dict')]
      - request.current_menu_id = pid
      - Encapsulating the two menu information --request.breadcurmb_list.append ({ 'title': p_permissions [ 'title'], 'url': p_permissions [ 'url']})
      - Permissions sub menu information package --request.breadcurmb_list.append ({ 'title': i [ 'title'], 'url': i [ 'url']})
template
- Master and inheritance
- Generate a secondary menu, select the secondary menu expand child rights
  - Custom inclussion_tag
  - Gets the current url
  - sorted sort of menu level, added to the ordered dictionary od
  - Circulating a menu added class = 'hide'
  - Cyclic secondary menu, the menu is determined request.current_menu_id the two are equal in the id
    - The two menu was added to equal class = 'active', remove the hide a menu class, class = ''
  - Two for loops to return od.values ()
- Breadcrumbs
  - Custom inclusion_tag
  - 获取breadcurmb_list= request.breadcrumb_list
  - One for loop request.breadcrumb_list

8. level access control to the button

Save user privileges after successful login to the session

Permissions dictionary data structure

permisssions_dict={url别名:{
    url:
    id:
    pid:
    pname:
},}

Menu dictionary data structure

menu_dict = {一级菜单id:{
    title:
    icon:
    weight:
    children:[{
        url:
        title:
        id:
    },]
},}

Middleware
- Get url path of the current access
- Whitelist check
- request.current_menu_id=None
- request.breadcrumb_list=[{'tittle':'主页','url':'/index/'},]
- Login status check
  - Obtain permission from the sission
  - Cycling privileges permissions_dict.vlaues, regular match
  - Get id and pid
    - If pid does not exist, the current url is secondary menu
      - request.current_menu_id = id
      - request.breadcrumb_list.append({'title':i['title'],'url':i['url']})
    - If pid exists, the current url is child rights
      - Parent rights acquired (second level) information p_permissions = permissions_dict [i [ 'pname']]
      - request.current_menu_id = pid
      - request.breadcrumb_list.append({'title':p_permissions['title'],'url':p_permissions['url']})
      - request.breadcrumb_list.append({'title':i['title'],'url':i['url']})
template
- Master and inheritance
- Generating a second-level menu / menu a sort / non-permission to the home menu, select two sub-menu to expand the permissions
  - Custom inclussion_tag
  - Gets the current url
  - sorted sort of menu level, added to the ordered dictionary od
  - Circulating a menu added class = 'hide'
  - Cyclic secondary menu, the menu is determined request.current_menu_id the two are equal in the id
    - The two menu was added to equal class = 'active', remove the hide a menu class, class = ''
  - Two for loops to return od.values ()
- Breadcrumbs
  - Custom inclusion_tag
  - 获取breadcurmb_list= request.breadcrumb_list
  - One for loop request.breadcrumb_list
- Access control to the button
  - Custom filter --has_permission
  - Analyzing pass over the front end name in permission_dict,
    - There is return True
    - There is no return False
  - Judge {% if request | has_permission: name%} in html file {% endif%}