from django.contrib.auth.hashers import make_password, check_password
from django.contrib.auth.models import AbstractBaseUser
class User( AbstractBaseUser) :
username = models.CharField( max_length= 255 , unique = True, verbose_name = "手机号" )
password = models.CharField( max_length= 255 , unique = False, verbose_name = "密码" )
is_vip = models.BooleanField( default= False,verbose_name= "是否为vip" )
vip_expires_at = models.DateTimeField( auto_now_add= True,verbose_name= "vip过期时间" )
is_active = models.BooleanField( default= True)
USERNAME_FIELD = 'username'
def set_password( self, raw_password) :
self.password = make_password( raw_password)
def check_password( self, raw_password) :
return check_password( raw_password, self.password)
class Meta:
db_table = "blog_user"
verbose_name = "用户表"
verbose_name_plural = verbose_name
class Role( models.Model) :
role_name = models.CharField( '角色名字' , max_length = 16 )
class Meta:
db_table = "blog_role"
verbose_name = "角色表"
verbose_name_plural = verbose_name
class Access( models.Model) :
name = models.CharField( '用户权限名称' , max_length = 256 )
path = models.CharField( '用户权限路由' , max_length = 256 )
method = models.CharField( '用户权限请求方式' , max_length = 16 )
types = models.CharField( '权限类型' , blank = True, null = True, max_length = 10 )
class Meta:
db_table = "blog_access"
verbose_name = "权限表"
verbose_name_plural = verbose_name
class UserRole( models.Model) :
user_id = models.IntegerField( '用户ID' , null = True, blank = True)
role_id = models.IntegerField( '角色ID' , null = True, blank = True)
class Meta:
db_table = "blog_user_role"
verbose_name = "用户角色表"
verbose_name_plural = verbose_name
class RoleAccess( models.Model) :
role_id = models.IntegerField( '角色ID' , null = True, blank = True)
acc_id = models.IntegerField( '权限ID' , null = True, blank = True)
class Meta:
db_table = "blog_role_access"
verbose_name = "角色权限表"
verbose_name_plural = verbose_name
python manage.py makemigrations
python manage.py migrate
from rest_framework.views import APIView
from rest_framework.response import Response
from userauth.models import User
from systemauth.models import Role, Access, UserRole, RoleAccess
class UserInfoView( APIView) :
def post( self, request,*args, **kwargs) :
print( '获取用户信息' ,request.user.username)
user_info = User.objects.get( username= request.user.username)
role_info = UserRole.objects.filter( user_id= user_info.id)
role_id_lst = [ role.id for role in role_info]
role_access_info = RoleAccess.objects.filter( role_id__in= role_id_lst)
access_id_lst = [ access.acc_id for access in role_access_info]
access_info = Access.objects.filter( id__in= access_id_lst)
permission_info = list( )
for access in access_info:
permission_info.append( {
'name' : access.name,
'path' : access.path,
'method' : access.method,
'types' : access.types
} )
request.session[ 'permission_info' ] = permission_info
return Response( { 'permission_info' : request.session.get( 'permission_info' ) } )
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse
class PermissionMiddleware( MiddlewareMixin) :
def process_request( self, request) :
print( 'RABC权限中间件' )
request_path = request.path
white_lst = [ '/userauth/login/' , "/userauth/userinfo/" ]
if request_path in white_lst:
return None
permission_info = request.session.get( 'permission_info' ,[ ] )
permission_api_lst = [ info.get( 'path' ) for info in permission_info]
if request_path in permission_api_lst:
return None
return HttpResponse( "您没有访问权限" )
