def perm_check(*args,**kwargs):
request = args[0]
resolve_url_obj = resolve(request.path)
current_url_name = resolve_url_obj.url_name # 当前url的url_name
print('---perm:',request.user,request.user.is_authenticated(),current_url_name)
match_flag = False
match_key = None
if request.user.is_authenticated() is False:
return redirect(settings.LOGIN_URL)
for per_key,per_val in perm_dic.items():
per_url_name, per_method,per_args = per_val
if per_url_name == current_url_name: #matches current request url
if per_method == request.method: #matches request method
if not per_args: #if no args defined in perm dic, then set this request to passed perm check
match_flag = True
match_key = per_key
else:
#逐个匹配参数,看每个参数时候都能对应的上。
for item in per_args:
request_method_fun = getattr(request,per_method)
if request_method_fun.get(item,None):# request字典中有此参数
match_flag = True
else:
match_flag = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
if match_flag == True:
match_key = per_key
break
if match_flag:
app_name, *per_name = match_key.split('_')
print("--->matched ",match_flag,match_key)
print(app_name, *per_name)
perm_obj = '%s.%s' % (app_name,match_key)
print("perm str:",perm_obj)
if request.user.has_perm(perm_obj):
print('当前用户有此权限')
return True
else:
print('当前用户没有该权限')
return False
else:
print("未匹配到权限项,当前用户无权限")
def perm_check(*args, **kwargs):
request = args[0]
resolve_url_obj = resolve(
request.path) #通过resolve()方法,可获得url_name ,resolve_url_obj是个集合
current_url_name = resolve_url_obj.url_name # 当前url的url_name
print('---perm:', request.user, request.user.is_authenticated,
current_url_name, request.method)
#match_flag = False
match_results = [
None,
]
match_key = None
if request.user.is_authenticated is False:
return redirect(settings.LOGIN_URL)
for permission_key, permission_val in perm_dic.items():
per_url_name = permission_val[0]
per_method = permission_val[1]
perm_args = permission_val[2]
perm_kwargs = permission_val[3]
perm_hook_func = permission_val[4] if len(permission_val) > 4 else None
if per_url_name == current_url_name: #matches current request url
if per_method == request.method: #matches request method
# if not perm_args: #if no args defined in perm dic, then set this request to passed perm
#逐个匹配参数,看每个参数时候都能对应的上。
args_matched = False #for args only用于判断过滤等条件是否成功
for item in perm_args:
request_method_func = getattr(
request, per_method) #request.GET/POST
print("request_method_func:", request_method_func)
if request_method_func.get(item, None): # request字典中有此参数
args_matched = True
else:
print("arg not match......")
args_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else: #当列表为空的时,上面for循环不执行
args_matched = True
#匹配有特定值的参数
kwargs_matched = False
for k, v in perm_kwargs.items():
request_method_func = getattr(request, per_method)
arg_val = request_method_func.get(k,
None) # request字典中有此参数
print("perm kwargs check:", arg_val, type(arg_val), v,
type(v))
if arg_val == str(
v
): #匹配上了特定的参数 及对应的 参数值, 比如,需要request 对象里必须有一个叫 user_id=3的参数
kwargs_matched = True
else:
kwargs_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else:
kwargs_matched = True
#开始匹配自定义权限钩子函数
perm_hook_matched = True
if perm_hook_func:
perm_hook_matched = perm_hook_func(request)
match_results = [
args_matched, kwargs_matched, perm_hook_matched
]
print("--->match_results ", match_results)
if all(match_results): #都匹配上了
match_key = permission_key
break
if all(match_results): # true or false
app_name, per_name = match_key.split('_', 1)
perm_obj = '%s.%s' % (app_name, match_key) # crm.crm_table_list
if request.user.has_perm(
perm_obj): # obj.has_perm(crm.crm_table_list): 判断是否有权限
print('当前用户有此权限')
return True
else:
print('当前用户没有该权限')
return False
else:
print("未匹配到权限项,当前用户无权限")
def perm_check(*args, **kwargs):
request = args[0]
resolve_url_obj = resolve(request.path)
current_url_name = resolve_url_obj.url_name # 当前url的url_name
print('---perm:', request.user, request.user.is_authenticated(),
current_url_name)
#match_flag = False
match_key = None
match_results = [
False,
] #后面会覆盖,加个False是为了让all(match_results)不出错
if request.user.is_authenticated() is False:
return redirect(settings.LOGIN_URL)
for permission_key, permission_val in perm_dic.items():
per_url_name = permission_val[0]
per_method = permission_val[1]
perm_args = permission_val[2]
perm_kwargs = permission_val[3]
custom_perm_func = None if len(
permission_val) == 4 else permission_val[4]
if per_url_name == current_url_name: #matches current request url
if per_method == request.method: #matches request method
# if not perm_args: #if no args defined in perm dic, then set this request to passed perm check
# match_flag = True
# match_key = permission_key
# else:
#逐个匹配参数,看每个参数时候都能对应的上。
args_matched = False #for args only
for item in perm_args:
request_method_func = getattr(request, per_method)
if request_method_func.get(item, None): # request字典中有此参数
args_matched = True
else:
print("arg not match......")
args_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else:
args_matched = True
#匹配有特定值的参数
kwargs_matched = False
for k, v in perm_kwargs.items():
request_method_func = getattr(request, per_method)
arg_val = request_method_func.get(k,
None) # request字典中有此参数
print("perm kwargs check:", arg_val, type(arg_val), v,
type(v))
if arg_val == str(
v
): #匹配上了特定的参数 及对应的 参数值, 比如,需要request 对象里必须有一个叫 user_id=3的参数
kwargs_matched = True
else:
kwargs_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else:
kwargs_matched = True
#自定义权限钩子
perm_func_matched = False
if custom_perm_func:
if custom_perm_func(request, args, kwargs):
perm_func_matched = True
else:
perm_func_matched = False #使整条权限失效
else: #没有定义权限钩子,所以默认通过
perm_func_matched = True
match_results = [
args_matched, kwargs_matched, perm_func_matched
]
print("--->match_results ", match_results)
if all(match_results): #都匹配上了
match_key = permission_key
break
if all(match_results):
app_name, *per_name = match_key.split('_')
print("--->matched ", match_results, match_key)
print(app_name, *per_name)
perm_obj = '%s.%s' % (app_name, match_key)
print("perm str:", perm_obj)
if request.user.has_perm(perm_obj):
print('当前用户有此权限')
return True
else:
print('当前用户没有该权限')
return False
else:
print("未匹配到权限项,当前用户无权限")
def perm_check(*args, **kwargs):
'''
1、获取当前请求的url
2、把url解析成url_name
3、判断用户是否已登录 user.is_authenticated() --判断用户是否已认证
4、拿url_name到permission_dict去匹配,匹配时要包括请求方法和参数
5、拿匹配到的权限可以,调用user.has_perm(key)
'''
request = args[0]
resolve_url_obj = resolve(request.path)
current_url_name = resolve_url_obj.url_name # 当前url的url_name
print('---perm:', request.user, request.user.is_authenticated(),
current_url_name)
#match_flag = False
match_results = [None, dd]
match_key = None
if request.user.is_authenticated() is False:
return redirect(settings.LOGIN_URL)
for permission_key, permission_val in perm_dic.items():
per_url_name = permission_val[0]
per_method = permission_val[1]
perm_args = permission_val[2]
perm_kwargs = permission_val[3]
if per_url_name == current_url_name: #matches current request url
if per_method == request.method: #matches request method
# if not perm_args: #if no args defined in perm dic, then set this request to passed perm
#逐个匹配参数,看每个参数时候都能对应的上。
args_matched = False #for args only
for item in perm_args:
request_method_func = getattr(request, per_method)
if request_method_func.get(item, None): # request字典中有此参数
args_matched = True
else:
print("arg not match......")
args_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else:
args_matched = True
#匹配有特定值的参数
kwargs_matched = False
for k, v in perm_kwargs.items():
request_method_func = getattr(request, per_method)
arg_val = request_method_func.get(k,
None) # request字典中有此参数
print("perm kwargs check:", arg_val, type(arg_val), v,
type(v))
if arg_val == str(
v
): #匹配上了特定的参数 及对应的 参数值, 比如,需要request 对象里必须有一个叫 user_id=3的参数
kwargs_matched = True
else:
kwargs_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else:
kwargs_matched = True
match_results = [args_matched, kwargs_matched]
print("--->match_results ", match_results)
if all(match_results): #都匹配上了
match_key = permission_key
break
if all(match_results):
app_name, *per_name = match_key.split('_')
print("--->matched ", match_results, match_key)
print(app_name, *per_name)
perm_obj = '%s.%s' % (app_name, match_key)
print("perm str:", perm_obj)
if request.user.has_perm(perm_obj):
print('当前用户有此权限')
return True
else:
print('当前用户没有该权限')
return False
else:
print("未匹配到权限项,当前用户无权限")
def perm_check(*args, **kwargs):
#1.获取当前请求的url
#2.把url解析成url_name(通过resolve)
#3.判断用户是否已登录(user.is_authenticated())
#3.拿url_name到permission_dict去匹配,匹配时要包括请求方法和参数
#4.拿匹配到可权限key,调用user.has_perm(key)
match_results = [
None,
]
request = args[0]
resolve_url_obj = resolve(request.path)
#通过resolve解析出当前访问的url_name
current_url_name = resolve_url_obj.url_name
# print('---perm:',request.user,request.user.is_authenticated(),current_url_name)
#match_flag = False
match_key = None
#判断用户是否登录
if request.user.is_authenticated() is False:
return redirect(settings.LOGIN_URL)
for permission_key, permission_val in perm_dic.items():
#key和value(值有四个参数): 比如 'crm_table_index': ['table_index', 'GET', [], {}, ]
per_url_name = permission_val[0]
per_method = permission_val[1]
perm_args = permission_val[2]
perm_kwargs = permission_val[3]
perm_hook_func = permission_val[4] if len(permission_val) > 4 else None
#如果当前访问的url_name匹配上了权限里面定义的url_name
if per_url_name == current_url_name:
#url_name匹配上,接着匹配方法(post,get....)
if per_method == request.method:
# if not perm_args: #if no args defined in perm dic, then set this request to passed perm
#逐个匹配参数,看每个参数是否都能对应的上。
args_matched = False #for args only
for item in perm_args:
#通过反射获取到request.xxx函数 这里request_methon_func = request.GET/request.POST
request_method_func = getattr(request, per_method)
if request_method_func.get(item, None): # request字典中有此参数
args_matched = True
else:
print("arg not match......")
args_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。因为可能有很多参数,必须所有参数都一样才匹配成功
else: # perm_dic里面的参数可能定义的就是空的,就走这里
args_matched = True
#匹配有特定值的参数
kwargs_matched = False
for k, v in perm_kwargs.items():
request_method_func = getattr(request, per_method)
arg_val = request_method_func.get(k,
None) # request字典中有此参数
# print("perm kwargs check:",arg_val,type(arg_val),v,type(v))
if arg_val == str(
v
): #匹配上了特定的参数 及对应的 参数值, 比如,需要request 对象里必须有一个叫 user_id=3的参数
kwargs_matched = True
else:
kwargs_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else:
kwargs_matched = True
#开始匹配自定义权限钩子函数
# perm_hook_matched = False
# if perm_hook_func:
# perm_hook_matched = perm_hook_func(request)
match_results = [args_matched, kwargs_matched]
# match_results = [args_matched,kwargs_matched,perm_hook_matched]
# print("--->match_results ", match_results)
#列表里面的元素都为真
if all(match_results): #都匹配上了
match_key = permission_key
break
if all(match_results):
#主要是获取到app_name
app_name, *per_name = match_key.split('_')
# print("--->matched ",match_results,match_key)
# print(app_name, *per_name)
#per_obj = 例如:crm.crm_obj_list
perm_obj = '%s.%s' % (app_name, match_key)
# print("perm str:",perm_obj)
if request.user.has_perm(perm_obj):
# print('当前用户有此权限')
return True
else:
print('当前用户没有该权限')
return False
else:
print("未匹配到权限项,当前用户无权限")
def perm_check(*args,**kwargs):
#1.获取当前请求的url
#2.把url解析成url_name(通过resolve)
#3.判断用户是否已登录(user.is_authenticated())
#3.拿url_name到permission_dict去匹配,匹配时要包括请求方法和参数
#4.拿匹配到可权限key,调用user.has_perm(key)
match_results = [None,]
request = args[0]
resolve_url_obj = resolve(request.path)
#通过resolve解析出当前访问的url_name
current_url_name = resolve_url_obj.url_name
# print('---perm:',request.user,request.user.is_authenticated(),current_url_name)
#match_flag = False
match_key = None
#判断用户是否登录
if request.user.is_authenticated() is False:
return redirect(settings.LOGIN_URL)
for permission_key,permission_val in perm_dic.items():
#key和value(值有四个参数): 比如 'crm_table_index': ['table_index', 'GET', [], {}, ]
per_url_name = permission_val[0]
per_method = permission_val[1]
perm_args = permission_val[2]
perm_kwargs = permission_val[3]
perm_hook_func = permission_val[4] if len(permission_val) > 4 else None
#如果当前访问的url_name匹配上了权限里面定义的url_name
if per_url_name == current_url_name:
#url_name匹配上,接着匹配方法(post,get....)
if per_method == request.method:
# if not perm_args: #if no args defined in perm dic, then set this request to passed perm
#逐个匹配参数,看每个参数是否都能对应的上。
args_matched = False #for args only
for item in perm_args:
#通过反射获取到request.xxx函数 这里request_methon_func = request.GET/request.POST
request_method_func = getattr(request,per_method)
if request_method_func.get(item,None): # request字典中有此参数
args_matched = True
else:
print("arg not match......")
args_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。因为可能有很多参数,必须所有参数都一样才匹配成功
else: # perm_dic里面的参数可能定义的就是空的,就走这里
args_matched = True
#匹配有特定值的参数
kwargs_matched = False
for k,v in perm_kwargs.items():
request_method_func = getattr(request, per_method)
arg_val = request_method_func.get(k, None) # request字典中有此参数
# print("perm kwargs check:",arg_val,type(arg_val),v,type(v))
if arg_val == str(v): #匹配上了特定的参数 及对应的 参数值, 比如,需要request 对象里必须有一个叫 user_id=3的参数
kwargs_matched = True
else:
kwargs_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else:
kwargs_matched = True
#开始匹配自定义权限钩子函数
# perm_hook_matched = False
# if perm_hook_func:
# perm_hook_matched = perm_hook_func(request)
match_results = [args_matched,kwargs_matched]
# match_results = [args_matched,kwargs_matched,perm_hook_matched]
# print("--->match_results ", match_results)
#列表里面的元素都为真
if all(match_results): #都匹配上了
match_key = permission_key
break
if all(match_results):
#主要是获取到app_name
app_name, *per_name = match_key.split('_')
# print("--->matched ",match_results,match_key)
# print(app_name, *per_name)
#per_obj = 例如:crm.crm_obj_list
perm_obj = '%s.%s' % (app_name,match_key)
# print("perm str:",perm_obj)
if request.user.has_perm(perm_obj):
# print('当前用户有此权限')
return True
else:
print('当前用户没有该权限')
return False
else:
print("未匹配到权限项,当前用户无权限")
def perm_check(*args, **kwargs):
"""
1. 獲取當前請求的url
2. 把url反解成url_name(別名)
3. 判斷用戶是否已登錄
4. 拿url_name到perm_dict去匹配,匹配包括url_name, 方法, 參數
5. 拿到權限key(perm_dict的key),調用user.has_perm(key)
"""
request = args[0]
"""request.path獲取當前請求的url"""
resolve_url_obj = resolve(request.path) # resolve("網址") 為ResolverMatch對象
"""反解出url_name(當前url別名)"""
current_url_name = resolve_url_obj.url_name
# print('---perm:', request.user, request.user.is_authenticated(), current_url_name)
match_key = None
match_results = [None]
"""判斷用戶是否已登錄"""
if request.user.is_authenticated() is False: # 要登入成功才可繼續驗證
return redirect(settings.LOGIN_URL)
for permission_key, permission_val in perm_dic.items():
# 取出對應的key和所有value
per_url_name = permission_val[0]
per_method = permission_val[1]
perm_args = permission_val[2]
perm_kwargs = permission_val[3]
perm_hook_func = permission_val[4] if len(
permission_val) > 4 else None # 因為不一定有鉤子函數,所以要判斷
"""url_name匹配"""
if per_url_name == current_url_name: # matches current request url
"""請求方法(GET/POST)匹配"""
if per_method == request.method: # matches request method
args_matched = False
"""[] 不特定參數匹配"""
for item in perm_args: # 逐一對應,看哪個能匹配上
request_method_func = getattr(
request, per_method) # request.GET/POST
if request_method_func.get(item,
None): # request.method中有此參數
args_matched = True
else:
args_matched = False
break # 只要有一個參數匹配不到就直接退出迴圈
else: # for-else語法,只要沒有被break,return等中斷迴圈,循環結束後都會執行
args_matched = True # 當perm_args=[]或都匹配上了時執行
"""{} 特定參數匹配"""
kwargs_matched = False
for k, v in perm_kwargs.items():
request_method_func = getattr(request, per_method)
arg_val = request_method_func.get(
k, None) # request.method中有此參數
# print("perm kwargs check:", arg_val, type(arg_val), v, type(v))
if arg_val == str(v): # 不只要有那個參數,值也必須匹配上
kwargs_matched = True
else:
kwargs_matched = False
break # 只要有一個參數匹配不到就直接退出迴圈
else:
kwargs_matched = True
"""func 自定義匹配權限鉤子函數(返回True或False)"""
perm_hook_matched = True
if perm_hook_func:
perm_hook_matched = perm_hook_func(request)
match_results = [
args_matched, kwargs_matched, perm_hook_matched
]
# print("--->match_results ", match_results)
# all()列表裡的元素都為真才為True
if all(match_results): # 所有參數都匹配上了
match_key = permission_key
break
if all(match_results):
# 第一個值賦給app_name,剩下的給per_name
app_name, *per_name = match_key.split('_')
# print("--->matched ", match_results, match_key)
print(app_name, *per_name)
perm_obj = '%s.%s' % (app_name, match_key) # EX: crm.crm_table_index
# print("perm str:", perm_obj)
"""調用user.has_perm(key)"""
if request.user.has_perm(perm_obj): # 判斷是否有此權限,參數為 app_name.權限名
# print("--->request.user", request.user)
# print("--->request.user", type(request.user))
print('有權限')
return True
else:
print('無權限')
return False
else:
print("無此權限")
def perm_check(*args,**kwargs):
request = args[0]
resolve_url_obj = resolve(request.path) # resolve可以将路径变成一个对象,里面包含一个别名url_name
current_url_name = resolve_url_obj.url_name # 当前url的url_name
print('---perm:',request.user,request.user.is_authenticated(),current_url_name)
#match_flag = False
match_results = [None,]
match_key = None
if request.user.is_authenticated() is False:
return redirect(settings.LOGIN_URL)
for permission_key,permission_val in perm_dic.items():
per_url_name = permission_val[0]
per_method = permission_val[1]
perm_args = permission_val[2]
perm_kwargs = permission_val[3]
# permission_val[4]有可能是一个函数对象
perm_hook_func = permission_val[4] if len(permission_val)>4 else None
# per_url_name是一个路径的别名,看是否与当前拿到的路径别名相同(current_url_name)
if per_url_name == current_url_name: # matches current request url
# 传入的方法是否相同,有可能是post,也有可能是get
if per_method == request.method: # matches request method
# if not perm_args: #if no args defined in perm dic, then set this request to passed perm
#逐个匹配参数,看每个参数时候都能对应的上。
args_matched = False #for args only
for item in perm_args:
request_method_func = getattr(request,per_method) # request.GET/POST
if request_method_func.get(item, None): # request字典中有此参数
args_matched = True
else: # 没有参数,直接break
print("arg not match......")
args_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else:# 当列表为空的时候才走这里
args_matched = True
# 这里是字典匹配的地方
#匹配有特定值的参数
kwargs_matched = False
for k,v in perm_kwargs.items():
request_method_func = getattr(request, per_method)
arg_val = request_method_func.get(k, None) # request字典中有此参数
print("perm kwargs check:",arg_val,type(arg_val),v,type(v))
if arg_val == str(v): #匹配上了特定的参数 及对应的 参数值, 比如,需要request 对象里必须有一个叫 user_id=3的参数
kwargs_matched = True
else:
kwargs_matched = False
break # 有一个参数不能匹配成功,则判定为假,退出该循环。
else:
kwargs_matched = True
# 开始匹配自定义权限钩子函数, 接着上面28行函数
perm_hook_matched = False
if perm_hook_func:
perm_hook_matched = perm_hook_func(request)
match_results = [args_matched,kwargs_matched,perm_hook_matched]
print("--->match_results ", match_results)
if all(match_results): #都匹配上了
match_key = permission_key # 把一开始for循环的key(permission_key)赋值给了match_key
break
if all(match_results):
app_name, *per_name = match_key.split('_')
print("--->matched ",match_results,match_key)
print(app_name, *per_name)
perm_obj = '%s.%s' % (app_name,match_key)
print("perm str:",perm_obj)
if request.user.has_perm(perm_obj):
print('当前用户有此权限')
return True
else:
print('当前用户没有该权限')
return False
else:
print("未匹配到权限项,当前用户无权限")