Requirements: the web system exposes the following 5 URLs, each for a different resource:
1. stu/add_stu/
2. stu/upload_homework/
3. stu/query_homework/
4. stu/add_record/
--------------------------------------------------------------------------------------------------------
Students can visit: 2,3
Teachers can visit: 1,4
User permissions can be controlled with role-based access control:
First, the data model
1. User table: the user table and the role table have a many-to-many relationship; one user can have multiple roles, and one role can be assigned to multiple users.
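from django.db import models
from django.utils.safestring import mark_safe
from django.utils.translation import gettext_lazy as _


# The class header is not shown on the page; the name UserProfile is assumed
# from the template's request.user.userprofile.
class UserProfile(models.Model):
    email = models.EmailField(
        verbose_name='Email address',
        max_length=255,
        unique=True,
    )
    password = models.CharField(_('password'), max_length=128,
        help_text=mark_safe('<a href="password/">Change Password</a>'))
    name = models.CharField(max_length=32, help_text='user after login please change to real name')
    is_active = models.BooleanField(default=True)
    is_admin = models.BooleanField(default=False)
    # Many-to-many to Role; the sidebar template reads it as .roles.all
    roles = models.ManyToManyField("Role")

    def __str__(self):
        return self.email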
2. Role table:
class Role(models.Model):
    """Role table"""
    name = models.CharField(unique=True, max_length=32)
    # The menus (URLs) that members of this role may access
    menus = models.ManyToManyField("Menu")

    def __str__(self):
        return self.name
3. Menu Table:
class Menu(models.Model):
    """Dynamic menu"""
    name = models.CharField(unique=True, max_length=32)
    # 0: url_name is a named URL pattern to reverse; 1: url_name is an absolute URL
    url_type = models.SmallIntegerField(choices=((0, 'relative_name'), (1, 'absolute_url')))
    url_name = models.CharField(unique=True, max_length=128)

    def __str__(self):
        return self.name
Second, the front end generates menus based on user permissions
<div class="container-fluid">
  <div class="row">
    {% block side-bar %}
    <div class="col-sm-3 col-md-2 sidebar">
      <ul class="nav nav-sidebar">
        {% block side-bar-menus %}
        {% for role in request.user.userprofile.roles.all %}
          {% for menu in role.menus.all %}
          <li>
            <a href="{% if menu.url_type == 0 %}{% url menu.url_name %}{% else %}{{ menu.url_name }}{% endif %}">
              {{ menu.name }}
            </a>
          </li>
          {% endfor %}
        {% endfor %}
        {% endblock %}
      </ul>
    </div>
    {% endblock %}
This generates the menu from the user's roles, but it only controls what is displayed: if the user does not go through the menu and requests a URL directly, the back end still does not control access to these URLs.
Third, the back end controls menu access according to user permissions
Decorator:
In short, a Python decorator is a function that extends the behavior of an original function. It is special because its return value is also a function. The advantage of using a Python decorator is that it adds new functionality to a function without changing the code of the original function.
import re

from django.conf import settings
from django.http import HttpResponse
from django.shortcuts import redirect
from django.utils.deprecation import MiddlewareMixin


class Mddile1(MiddlewareMixin):
    def process_request(self, request):
        # If the requested URL is a whitelisted page such as login or registration, let it through
        for url in settings.PASS_URL_LIST:
            if re.match(url, request.path_info):
                return None
        permission_url_list = request.session.get(settings.SESSION_PERMISSION_URL_KEY)
        # If the session holds no permission list for the current user, redirect to the login page
        if not permission_url_list:
            return redirect(settings.LOGIN_URL)
        current_url = request.path_info
        # URLs stored in the database may be regular expressions, so each one must match exactly
        flag = False
        for url in permission_url_list:
            # fullmatch anchors the whole pattern, even one containing a top-level "|"
            if re.fullmatch(url, current_url):
                flag = True
                break
        if not flag:
            if settings.DEBUG:  # When debugging, show the URLs the user is allowed to access
                url_html = '<br/>'.join(permission_url_list)
                return HttpResponse('No access you can access%s' % url_html)
            else:
                return HttpResponse('No Permissions')
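The middleware's decision logic as a framework-free function that can be unit-tested without Django (an added example, not code from the original page). The role-to-URL mapping, the whitelist entries, the leading slashes and all function names are assumptions constructed for illustration, and whitelist entries are matched in full here. It also compares exact matching via '^%s$' formatting with re.fullmatch for a stored pattern that contains a top-level "|".

```python
import re

# Constructed sample data (assumptions, not from the page): whitelist entries as
# they might appear in settings.PASS_URL_LIST, and URL patterns per role.
PASS_URL_LIST = [r"/login/", r"/register/"]
ROLE_URLS = {
    "student": [r"/stu/upload_homework/", r"/stu/query_homework/"],
    "teacher": [r"/stu/add_stu/", r"/stu/add_record/"],
}


def permitted_urls(roles):
    """Union of the patterns granted by the user's roles (the session list)."""
    return sorted({p for r in roles for p in ROLE_URLS.get(r, [])})


def naive_exact(pattern, path):
    """Anchor by string formatting: '^%s$' % pattern."""
    return re.match("^%s$" % pattern, path) is not None


def strict_exact(pattern, path):
    """Anchor with re.fullmatch: the whole pattern must cover the whole path."""
    return re.fullmatch(pattern, path) is not None


def check_access(path, roles, match=strict_exact):
    """Mirror the middleware's branches: 'pass', 'login', 'allow' or 'deny'."""
    if any(strict_exact(p, path) for p in PASS_URL_LIST):
        return "pass"    # whitelisted page, no permission needed
    allowed = permitted_urls(roles)
    if not allowed:
        return "login"   # no permission list: send to the login page
    if any(match(p, path) for p in allowed):
        return "allow"
    return "deny"


if __name__ == "__main__":
    for who, path in [("student", "/stu/upload_homework/"),
                      ("student", "/stu/add_stu/"),
                      ("teacher", "/stu/add_record/")]:
        print(who, path, check_access(path, [who]))
    # With a top-level "|", '^' binds only to the first alternative and '$'
    # only to the last, so a longer path slips through the naive check.
    alt = r"/stu/query_homework/|/stu/upload_homework/"
    print(naive_exact(alt, "/stu/query_homework/extra"),
          strict_exact(alt, "/stu/query_homework/extra"))
```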
Django Web custom Universal permission control