本文介绍了一个用户权限管理系统的设计实现,包括用户模型与权限模型的定义、权限装饰器的使用及如何在视图函数中应用这些装饰器进行权限验证。
一、用户模型和权限模型
- user/models.py
from django.db import models
from django.contrib.auth.hashers import make_password
class User(models.Model):
nickname = models.CharField(max_length=64, unique=True, null=False, blank=False)
password = models.CharField(max_length=64, null=False, blank=False)
head = models.ImageField()
age = models.IntegerField()
sex = models.IntegerField()
pid = models.IntegerField(default=1) # 权限 ID
def save(self):
if not self.password.startswith('pbkdf2_'):
self.password = make_password(self.password)
super().save()
@property
def permission(self):
return Permission.objects.get(self.pid)
class Permission(models.Model):
perm = models.IntegerField()
name = models.CharField(max_length=64, unique=True)二、权限装饰器
- user/helper.py
from django.shortcuts import render
from user.models import Permission
def check_permission(user, perm_name):
'''检查用户是否具有该权限'''
user_perm = Permission.objects.get(id=user.pid)
need_perm = Permission.objects.get(name=perm_name)
return user_perm.perm >= need_perm.perm
def permit(perm_name):
'''权限检查装饰器'''
def wrap1(view_func):
def wrap2(request, *args, **kwargs):
user = getattr(request, 'user', None)
if user is not None:
if check_permission(user, perm_name):
return view_func(request, *args, **kwargs)
return render(request, 'blockers.html')
return wrap2
return wrap1三、在视图函数使用权限装饰器
- posts/views.py
@permit('admin')
def create(request):
...
@permit('user')
def comment(request):
...
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
