## RBAC

RBAC (Role-Based Access Control) manages authorization by associating users with roles and roles with permissions. Put simply, a user has several roles and a role has several permissions, which gives a "user - role - permission" authorization model. In this model both the user-to-role and the role-to-permission relationships are many-to-many.

Note: Django does not raise an error when a project-level templates or static folder is missing; it also looks for templates and static files inside each installed application. This lets each application ship its own templates and static files, which is one advantage of application-based development in Django.
## Role-based access control example

## Models: create three tables in the app01 application
```python
from django.db import models


# Create your models here.
class User(models.Model):
    username = models.CharField(max_length=32)
    # Stored in plain text in this demo; production code should store a
    # password hash (django.contrib.auth.hashers.make_password) instead.
    password = models.CharField(max_length=32)
    # user - role: many-to-many
    roles = models.ManyToManyField(to='Role')

    def __str__(self):
        return self.username


class Role(models.Model):
    title = models.CharField(max_length=32)
    # role - permission: many-to-many
    permissions = models.ManyToManyField(to='Permission')

    def __str__(self):
        return self.title


class Permission(models.Model):
    title = models.CharField(max_length=32)
    # the URL this permission grants access to
    url = models.CharField(max_length=255)

    def __str__(self):
        return self.title
```
## The stark component is already written and configured; it provides the RBAC admin pages and works much like Django's built-in admin

## Add the stark application to the project settings

## Create a stark.py file in the app01 application and register the model tables
```python
from stark.service.stark import site, ModelStark
from app01 import models

site.register(models.User)
site.register(models.Role)
site.register(models.Permission)
```
## Login function
login.html:

```html
{% extends 'stark/base.html' %}
{% block content %}
<form action="" method="post">
    <h2 class="text-center">Login</h2>
    {% csrf_token %}
    <p>username:<input type="text" class="form-control" name="username"></p>
    <p>password:<input type="password" class="form-control" name="password"></p>
    <input type="submit" class="btn btn-info pull-right">
</form>
{% endblock %}
```

Backend:

```python
from django.shortcuts import render
from app01 import models


def login(request):
    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        # Plain-text comparison against the password column, as in the demo model.
        # Production code should store a hash and verify it with check_password().
        user_obj = models.User.objects.filter(username=username, password=password).first()
        if user_obj:
            # Record the login state of the current user
            request.session['username'] = user_obj.username
            # Collect the URLs the user may access through all of their roles;
            # distinct() removes a URL granted by more than one role
            permission_list = user_obj.roles.values('permissions__url').distinct()
            # print(permission_list)
            # <QuerySet [{'permissions__url': '/stark/app01/user/'}, {'permissions__url': '/stark/app01/role/'}]>
            # Save the URLs the user may access in the session as a plain list
            request.session['permission_list'] = [
                permission.get('permissions__url') for permission in permission_list
            ]
            return render(request, 'index.html', locals())
    return render(request, 'login.html')
```
## Middleware functions: login verification, whitelist, URL access control
Middleware configuration in settings:

```python
MIDDLEWARE = [
    'app01.permission.permission.MyPermission',
]
```
### Middleware code: C:\CRM\app01\permission\permission.py
```python
import re

from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import redirect, HttpResponse


class MyPermission(MiddlewareMixin):
    def process_request(self, request):
        # The URL the current user wants to visit
        # print(request.path)             # path only
        # print(request.get_full_path())  # path plus the GET query string
        current_path = request.path

        # Site whitelist; everything under /admin/ is allowed with the regex '/admin/.*'
        WHITE_LIST = ['/login/', '/register/', '/index/', '/admin/.*']
        # "if current_path in WHITE_LIST" cannot handle the regex entry,
        # so every entry is matched as a regex. Each pattern is anchored
        # with ^...$ so that e.g. '/login/' only matches the login page
        # itself and not a path such as '/stark/app01/user/login/'.
        for url in WHITE_LIST:
            if re.match('^%s$' % url, current_path):
                return None

        # Verify that the user is logged in
        if not request.session.get('username'):
            return redirect('/login/')

        # Check the user's permissions: is the current URL in the list of
        # authorized URLs saved in the session at login time?
        permission_list = request.session.get('permission_list', [])
        # Point to consider: the stored URLs may themselves be regexes, so
        # membership must be decided with a regex match, not with "in".
        for permission in permission_list:
            # Anchor the authorized URL so that a longer URL cannot match it.
            # For example, a user authorized only for
            # http://127.0.0.1:8000/stark/app01/user/ must not thereby be
            # authorized for http://127.0.0.1:8000/stark/app01/user/add/
            permission = '^%s$' % permission
            if re.search(permission, current_path):
                return None
        return HttpResponse('No permission')
```
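To make the middleware's decision order testable outside Django, the following is an added example (not the page's own code) that reproduces the three checks on a constructed session dict: whitelist, login state, then the per-user URL list. It also contrasts the page's unanchored `re.search()` whitelist check with an anchored one, since the former lets any path containing `/login/` bypass the login requirement. The session contents, the `check_access` and `whitelisted` function names, and the regex permission for the edit page are assumptions made for the example.

```python
import re

# Constructed sample session, shaped like what the login view stores:
# a username and the list of URLs the user's roles grant. The regex entry
# for the edit page is an assumption; the page only shows plain URLs.
SESSION = {
    "username": "alice",
    "permission_list": [
        "/stark/app01/user/",
        "/stark/app01/role/",
        r"/stark/app01/user/(\d+)/change/",
    ],
}

# Whitelist patterns from the page: login, register, index and everything under /admin/.
WHITE_LIST = [r"/login/", r"/register/", r"/index/", r"/admin/.*"]


def anchored(pattern):
    """Force a pattern to match the whole path rather than a substring of it."""
    return r"^%s$" % pattern


def whitelisted(path, anchor=True):
    """True if the path is on the whitelist.

    anchor=False reproduces an unanchored re.search() check, which matches
    the pattern anywhere in the path; anchor=True is the hardened form.
    """
    for pattern in WHITE_LIST:
        if anchor:
            hit = re.match(anchored(pattern), path)
        else:
            hit = re.search(pattern, path)
        if hit:
            return True
    return False


def check_access(path, session):
    """Return 'allow', 'redirect' (not logged in) or 'deny' (no permission).

    Same decision order as the MyPermission middleware: whitelist first, then
    login state, then the per-user URL list with every pattern anchored, so the
    list URL /stark/app01/user/ does not implicitly grant /stark/app01/user/add/.
    """
    if whitelisted(path):
        return "allow"
    if not session.get("username"):
        return "redirect"
    for pattern in session.get("permission_list", []):
        if re.match(anchored(pattern), path):
            return "allow"
    return "deny"


if __name__ == "__main__":
    for p in ["/login/", "/stark/app01/user/", "/stark/app01/user/add/",
              "/stark/app01/user/7/change/", "/stark/app01/user/login/"]:
        print(p, "->", check_access(p, SESSION))
```

The unanchored variant is kept only to show the bypass: `whitelisted("/stark/app01/user/login/", anchor=False)` is true, so a user who is not logged in would reach that page, while the anchored check sends them to the login page.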
## Requirement: the sidebar should show the user's permissions (normally only the list-query URLs; showing edit and add URLs there is meaningless)

Problem: how to tell which URL is a list query, which is an edit and which is an add.

Solution: mark each permission with a flag. Add a flag field to the Permission table whose value identifies the permission as a list query, an add, an edit or a delete.

The backend reads this field to pick out the list-query URLs, collects them in a dictionary-shaped list variable, and renders that variable to the front end, which uses it to build the sidebar.
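As an added example (not the page's own code) of the flag-field approach, the block below takes rows shaped like the output of a `values()` query over the user's roles, collapses them into a URL-keyed dictionary suitable for the session, and filters out the list-type entries for the sidebar. The flag field name `code`, its values `list`/`add`/`edit`/`delete`, and the `title` column in the rows are assumptions; the page only says that a flag field is added to Permission.

```python
# Constructed sample rows, shaped like the output of
#   user.roles.values('permissions__url', 'permissions__code', 'permissions__title')
# after adding a flag field to Permission. The field name 'code' and the
# values list/add/edit/delete are assumptions; the page only says a flag is added.
ROWS = [
    {"permissions__url": "/stark/app01/user/", "permissions__code": "list", "permissions__title": "Users"},
    {"permissions__url": "/stark/app01/user/add/", "permissions__code": "add", "permissions__title": "Add user"},
    {"permissions__url": r"/stark/app01/user/(\d+)/change/", "permissions__code": "edit", "permissions__title": "Edit user"},
    {"permissions__url": "/stark/app01/role/", "permissions__code": "list", "permissions__title": "Roles"},
    # the same list permission granted again through a second role
    {"permissions__url": "/stark/app01/user/", "permissions__code": "list", "permissions__title": "Users"},
]


def build_permission_dict(rows):
    """Collapse the role/permission rows into {url: {'code': ..., 'title': ...}}.

    Keying on the URL does the job of distinct(): a permission reachable
    through several roles appears once. This dict is what the login view
    would store in the session in place of the bare URL list.
    """
    perms = {}
    for row in rows:
        url = row["permissions__url"]
        if url is None:  # a role with no permissions yields a None row from values()
            continue
        perms[url] = {"code": row["permissions__code"], "title": row["permissions__title"]}
    return perms


def build_menu(perms):
    """Return the sidebar entries: only list-type permissions, sorted by URL."""
    return sorted(
        (
            {"title": info["title"], "url": url}
            for url, info in perms.items()
            if info["code"] == "list"
        ),
        key=lambda item: item["url"],
    )


if __name__ == "__main__":
    perms = build_permission_dict(ROWS)
    for entry in build_menu(perms):
        print(entry["title"], entry["url"])
```

Storing the dictionary rather than a bare URL list keeps the flag available to the middleware as well, so the same session data can later drive both the sidebar and finer-grained checks such as hiding the "add" button when the user lacks the add permission.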