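def perm_check(*args, **kwargs):
    """Decide whether the requesting user may perform the current request.

    The request path is resolved to its ``url_name`` and compared, together
    with the HTTP method and the required parameter names, against the
    entries of ``perm_dic`` (``key -> (url_name, method, required_args)``).
    The matched key is then checked with ``user.has_perm('<app>.<key>')``,
    which stays the actual authorization gate.

    Returns:
        A redirect to ``settings.LOGIN_URL`` for an unauthenticated user,
        ``True`` when the user holds the matched permission and ``False``
        otherwise. A request that matches no entry is denied explicitly
        (the original fell off the end and returned ``None``).
    """
    request = args[0]
    current_url_name = resolve(request.path).url_name

    # is_authenticated is a method before Django 1.10 and a property from
    # 1.10 on (a plain bool from 2.0), so calling it unconditionally raises
    # TypeError on current Django. Accept both forms.
    is_authenticated = request.user.is_authenticated
    if callable(is_authenticated):
        is_authenticated = is_authenticated()
    print('---perm:', request.user, is_authenticated, current_url_name)

    if not is_authenticated:
        # NOTE(review): this returns a response object, which is truthy. A
        # caller that only tests `if perm_check(...)` would treat an anonymous
        # user as allowed; confirm the caller returns this redirect instead.
        return redirect(settings.LOGIN_URL)

    # NOTE(review): the page lost its indentation; this reconstruction assumes
    # an entry without required args is remembered without ending the scan,
    # while an entry whose required args are all present ends it.
    match_key = None
    for per_key, per_val in perm_dic.items():
        per_url_name, per_method, per_args = per_val
        if per_url_name != current_url_name or per_method != request.method:
            continue
        if not per_args:
            # No parameters required: remember this entry. The decision is
            # tracked through match_key alone, so a later entry whose
            # parameters do not match can no longer clear an earlier match.
            match_key = per_key
            continue
        request_params = getattr(request, per_method)  # request.GET / request.POST
        # Every required parameter must be present with a non-empty value.
        if all(request_params.get(item, None) for item in per_args):
            match_key = per_key
            break

    if match_key is None:
        print("未匹配到权限项,当前用户无权限")
        return False  # deny by default when nothing matched

    app_name, *per_name = match_key.split('_')
    print("--->matched ", True, match_key)
    print(app_name, *per_name)
    perm_obj = '%s.%s' % (app_name, match_key)
    print("perm str:", perm_obj)
    if request.user.has_perm(perm_obj):
        print('当前用户有此权限')
        return True
    print('当前用户没有该权限')
    return False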
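def perm_check(*args, **kwargs):
    """Decide whether the requesting user may perform the current request.

    Each ``perm_dic`` entry is ``key -> [url_name, method, args, kwargs]``
    with an optional fifth element, a hook called as ``hook(request)``. An
    entry matches when the url_name and method are equal, every name in
    ``args`` is present with a non-empty value, every ``kwargs`` item equals
    the request value (compared as ``str``), and the hook, if any, is truthy.
    The first matching key is checked with ``user.has_perm('<app>.<key>')``.

    Returns:
        A redirect to ``settings.LOGIN_URL`` for an unauthenticated user,
        ``True`` when the user holds the matched permission and ``False``
        otherwise. A request that matches no entry is denied explicitly
        (the original returned ``None`` implicitly).
    """
    request = args[0]
    # resolve() maps the path to a match object that carries the url_name.
    current_url_name = resolve(request.path).url_name

    # `user.is_authenticated is False` is an identity test. On Django
    # 1.10/1.11 the attribute is a callable wrapper rather than the False
    # singleton, so the test never fires and the login redirect is skipped.
    # Normalise to a plain bool (method, wrapper or bool) and test that.
    is_authenticated = request.user.is_authenticated
    if callable(is_authenticated):
        is_authenticated = is_authenticated()
    print('---perm:', request.user, is_authenticated, current_url_name,
          request.method)

    if not is_authenticated:
        # NOTE(review): this returns a response object, which is truthy. A
        # caller that only tests `if perm_check(...)` would treat an anonymous
        # user as allowed; confirm the caller returns this redirect instead.
        return redirect(settings.LOGIN_URL)

    match_key = None
    for permission_key, permission_val in perm_dic.items():
        per_url_name = permission_val[0]
        per_method = permission_val[1]
        perm_args = permission_val[2]
        perm_kwargs = permission_val[3]
        perm_hook_func = permission_val[4] if len(permission_val) > 4 else None

        if per_url_name != current_url_name or per_method != request.method:
            continue

        # Required parameter names: all must be present (an empty list passes).
        args_matched = True
        for item in perm_args:
            request_method_func = getattr(request, per_method)  # request.GET/POST
            print("request_method_func:", request_method_func)
            if not request_method_func.get(item, None):
                print("arg not match......")
                args_matched = False
                break

        # Required parameter values, e.g. the request must carry user_id=3.
        kwargs_matched = True
        for k, v in perm_kwargs.items():
            request_method_func = getattr(request, per_method)
            arg_val = request_method_func.get(k, None)
            print("perm kwargs check:", arg_val, type(arg_val), v, type(v))
            if arg_val != str(v):
                kwargs_matched = False
                break

        # Optional custom hook; an entry without a hook passes this step.
        perm_hook_matched = True
        if perm_hook_func:
            perm_hook_matched = perm_hook_func(request)

        match_results = [args_matched, kwargs_matched, perm_hook_matched]
        print("--->match_results ", match_results)
        if all(match_results):
            match_key = permission_key
            break

    if match_key is None:
        print("未匹配到权限项,当前用户无权限")
        return False  # deny by default when nothing matched

    # Only the app label is needed; indexing avoids the ValueError the
    # two-name unpacking raised for a key without an underscore.
    app_name = match_key.split('_', 1)[0]
    perm_obj = '%s.%s' % (app_name, match_key)  # e.g. crm.crm_table_list
    if request.user.has_perm(perm_obj):
        print('当前用户有此权限')
        return True
    print('当前用户没有该权限')
    return False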
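def perm_check(*args, **kwargs):
    """Decide whether the requesting user may perform the current request.

    Each ``perm_dic`` entry is ``key -> [url_name, method, args, kwargs]``
    with an optional fifth element, a hook called as
    ``hook(request, args, kwargs)``. An entry matches when url_name and
    method are equal, every name in ``args`` is present with a non-empty
    value, every ``kwargs`` item equals the request value (compared as
    ``str``), and the hook, if defined, returns a truthy value. The first
    matching key is checked with ``user.has_perm('<app>.<key>')``.

    Returns:
        A redirect to ``settings.LOGIN_URL`` for an unauthenticated user,
        ``True`` when the user holds the matched permission and ``False``
        otherwise. A request that matches no entry is denied explicitly
        (the original returned ``None`` implicitly).
    """
    request = args[0]
    current_url_name = resolve(request.path).url_name

    # is_authenticated is a method before Django 1.10 and a property from
    # 1.10 on (a plain bool from 2.0), so calling it unconditionally raises
    # TypeError on current Django. Accept both forms.
    is_authenticated = request.user.is_authenticated
    if callable(is_authenticated):
        is_authenticated = is_authenticated()
    print('---perm:', request.user, is_authenticated, current_url_name)

    if not is_authenticated:
        # NOTE(review): this returns a response object, which is truthy. A
        # caller that only tests `if perm_check(...)` would treat an anonymous
        # user as allowed; confirm the caller returns this redirect instead.
        return redirect(settings.LOGIN_URL)

    match_key = None
    match_results = [False]
    for permission_key, permission_val in perm_dic.items():
        per_url_name = permission_val[0]
        per_method = permission_val[1]
        perm_args = permission_val[2]
        perm_kwargs = permission_val[3]
        custom_perm_func = (None if len(permission_val) == 4
                            else permission_val[4])

        if per_url_name != current_url_name or per_method != request.method:
            continue

        # Required parameter names: all must be present (an empty list passes).
        args_matched = True
        for item in perm_args:
            request_method_func = getattr(request, per_method)
            if not request_method_func.get(item, None):
                print("arg not match......")
                args_matched = False
                break

        # Required parameter values, e.g. the request must carry user_id=3.
        kwargs_matched = True
        for k, v in perm_kwargs.items():
            request_method_func = getattr(request, per_method)
            arg_val = request_method_func.get(k, None)
            print("perm kwargs check:", arg_val, type(arg_val), v, type(v))
            if arg_val != str(v):
                kwargs_matched = False
                break

        # Custom hook: a falsy result invalidates the whole entry; an entry
        # without a hook passes this step.
        if custom_perm_func:
            perm_func_matched = bool(custom_perm_func(request, args, kwargs))
        else:
            perm_func_matched = True

        match_results = [args_matched, kwargs_matched, perm_func_matched]
        print("--->match_results ", match_results)
        if all(match_results):
            match_key = permission_key
            break

    if match_key is None:
        print("未匹配到权限项,当前用户无权限")
        return False  # deny by default when nothing matched

    app_name, *per_name = match_key.split('_')
    print("--->matched ", match_results, match_key)
    print(app_name, *per_name)
    perm_obj = '%s.%s' % (app_name, match_key)
    print("perm str:", perm_obj)
    if request.user.has_perm(perm_obj):
        print('当前用户有此权限')
        return True
    print('当前用户没有该权限')
    return False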
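def perm_check(*args, **kwargs):
    """Decide whether the requesting user may perform the current request.

    Steps:
      1. Take the URL of the current request.
      2. Resolve it to its url_name.
      3. Redirect to the login page if the user is not authenticated.
      4. Match the url_name, the request method and the request parameters
         against ``perm_dic`` (``key -> [url_name, method, args, kwargs]``).
      5. Call ``user.has_perm('<app>.<key>')`` with the matched key.

    Returns:
        A redirect to ``settings.LOGIN_URL`` for an unauthenticated user,
        ``True`` when the user holds the matched permission and ``False``
        otherwise. A request that matches no entry is denied explicitly
        (the original returned ``None`` implicitly).
    """
    request = args[0]
    current_url_name = resolve(request.path).url_name

    # is_authenticated is a method before Django 1.10 and a property from
    # 1.10 on (a plain bool from 2.0), so calling it unconditionally raises
    # TypeError on current Django. Accept both forms.
    is_authenticated = request.user.is_authenticated
    if callable(is_authenticated):
        is_authenticated = is_authenticated()
    print('---perm:', request.user, is_authenticated, current_url_name)

    if not is_authenticated:
        # NOTE(review): this returns a response object, which is truthy. A
        # caller that only tests `if perm_check(...)` would treat an anonymous
        # user as allowed; confirm the caller returns this redirect instead.
        return redirect(settings.LOGIN_URL)

    # The original initialised this list as `[None, dd]`; `dd` is not defined
    # anywhere in the function, so every call raised NameError.
    match_results = [None]
    match_key = None
    for permission_key, permission_val in perm_dic.items():
        per_url_name = permission_val[0]
        per_method = permission_val[1]
        perm_args = permission_val[2]
        perm_kwargs = permission_val[3]

        if per_url_name != current_url_name or per_method != request.method:
            continue

        # Required parameter names: all must be present (an empty list passes).
        args_matched = True
        for item in perm_args:
            request_method_func = getattr(request, per_method)
            if not request_method_func.get(item, None):
                print("arg not match......")
                args_matched = False
                break

        # Required parameter values, e.g. the request must carry user_id=3.
        kwargs_matched = True
        for k, v in perm_kwargs.items():
            request_method_func = getattr(request, per_method)
            arg_val = request_method_func.get(k, None)
            print("perm kwargs check:", arg_val, type(arg_val), v, type(v))
            if arg_val != str(v):
                kwargs_matched = False
                break

        match_results = [args_matched, kwargs_matched]
        print("--->match_results ", match_results)
        if all(match_results):
            match_key = permission_key
            break

    if match_key is None:
        print("未匹配到权限项,当前用户无权限")
        return False  # deny by default when nothing matched

    app_name, *per_name = match_key.split('_')
    print("--->matched ", match_results, match_key)
    print(app_name, *per_name)
    perm_obj = '%s.%s' % (app_name, match_key)
    print("perm str:", perm_obj)
    if request.user.has_perm(perm_obj):
        print('当前用户有此权限')
        return True
    print('当前用户没有该权限')
    return False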
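def perm_check(*args, **kwargs):
    """Decide whether the requesting user may perform the current request.

    Steps:
      1. Take the URL of the current request.
      2. Resolve it to its url_name (via ``resolve``).
      3. Redirect to the login page if the user is not authenticated.
      4. Match the url_name, the request method and the request parameters
         against ``perm_dic``; an entry looks like
         ``'crm_table_index': ['table_index', 'GET', [], {}]``.
      5. Call ``user.has_perm('<app>.<key>')`` with the matched key.

    Returns:
        A redirect to ``settings.LOGIN_URL`` for an unauthenticated user,
        ``True`` when the user holds the matched permission and ``False``
        otherwise. A request that matches no entry is denied explicitly
        (the original returned ``None`` implicitly).
    """
    request = args[0]
    current_url_name = resolve(request.path).url_name

    # is_authenticated is a method before Django 1.10 and a property from
    # 1.10 on (a plain bool from 2.0), so calling it unconditionally raises
    # TypeError on current Django. Accept both forms.
    is_authenticated = request.user.is_authenticated
    if callable(is_authenticated):
        is_authenticated = is_authenticated()

    if not is_authenticated:
        # NOTE(review): this returns a response object, which is truthy. A
        # caller that only tests `if perm_check(...)` would treat an anonymous
        # user as allowed; confirm the caller returns this redirect instead.
        return redirect(settings.LOGIN_URL)

    match_key = None
    for permission_key, permission_val in perm_dic.items():
        per_url_name = permission_val[0]
        per_method = permission_val[1]
        perm_args = permission_val[2]
        perm_kwargs = permission_val[3]
        # NOTE(review): a fifth element (custom hook) in a perm_dic entry is
        # not evaluated by this version. If any entry relies on a hook to
        # narrow access, that restriction is not enforced here.

        if per_url_name != current_url_name or per_method != request.method:
            continue

        # Required parameter names: every one must be present, because an
        # entry may list several (an empty list passes).
        args_matched = True
        for item in perm_args:
            # Reflection: request.GET or request.POST, chosen by the method.
            request_method_func = getattr(request, per_method)
            if not request_method_func.get(item, None):
                print("arg not match......")
                args_matched = False
                break

        # Required parameter values, e.g. the request must carry user_id=3.
        kwargs_matched = True
        for k, v in perm_kwargs.items():
            request_method_func = getattr(request, per_method)
            if request_method_func.get(k, None) != str(v):
                kwargs_matched = False
                break

        if args_matched and kwargs_matched:
            match_key = permission_key
            break

    if match_key is None:
        print("未匹配到权限项,当前用户无权限")
        return False  # deny by default when nothing matched

    # The text before the first underscore is the app label,
    # giving e.g. crm.crm_obj_list.
    app_name, *per_name = match_key.split('_')
    perm_obj = '%s.%s' % (app_name, match_key)
    if request.user.has_perm(perm_obj):
        return True
    print('当前用户没有该权限')
    return False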
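def perm_check(*args, **kwargs):
    """Map the current request to a ``perm_dic`` key and check it for the user.

    The request path is resolved to its url_name. The first ``perm_dic``
    entry whose url_name, method, required parameter names and required
    parameter values all match selects the permission key (an entry looks
    like ``'crm_table_index': ['table_index', 'GET', [], {}]``). That key is
    then checked with ``user.has_perm('<app>.<key>')``.

    Returns:
        A redirect to ``settings.LOGIN_URL`` for an unauthenticated user,
        ``True`` when the user holds the matched permission and ``False``
        otherwise. A request that matches no entry is denied explicitly
        (the original returned ``None`` implicitly).
    """
    request = args[0]
    current_url_name = resolve(request.path).url_name

    # Support every Django generation: is_authenticated is a method before
    # 1.10 and a property afterwards (a plain bool from 2.0, where the
    # original call form raises TypeError).
    authenticated = request.user.is_authenticated
    if callable(authenticated):
        authenticated = authenticated()

    if not authenticated:
        # NOTE(review): the value returned here is a truthy response object.
        # Confirm the caller hands it back to the client instead of reading
        # it as "permission granted".
        return redirect(settings.LOGIN_URL)

    match_key = None
    for permission_key, permission_val in perm_dic.items():
        per_url_name = permission_val[0]
        per_method = permission_val[1]
        perm_args = permission_val[2]
        perm_kwargs = permission_val[3]
        # NOTE(review): an optional fifth element (custom hook) is ignored by
        # this version, so a restriction expressed only through a hook is not
        # applied.

        if per_url_name != current_url_name:
            continue
        if per_method != request.method:
            continue

        # All listed parameter names must be present with a non-empty value.
        args_matched = True
        for item in perm_args:
            # request.GET or request.POST, selected by the entry's method.
            request_method_func = getattr(request, per_method)
            if not request_method_func.get(item, None):
                print("arg not match......")
                args_matched = False
                break

        # All listed parameters must carry exactly the configured value,
        # compared as strings (e.g. user_id=3).
        kwargs_matched = all(
            getattr(request, per_method).get(k, None) == str(v)
            for k, v in perm_kwargs.items()
        )

        if args_matched and kwargs_matched:
            match_key = permission_key
            break

    if match_key is None:
        print("未匹配到权限项,当前用户无权限")
        return False  # deny by default when nothing matched

    # The app label is the text before the first underscore,
    # giving e.g. crm.crm_obj_list.
    app_name, *per_name = match_key.split('_')
    perm_obj = '%s.%s' % (app_name, match_key)
    if request.user.has_perm(perm_obj):
        return True
    print('当前用户没有该权限')
    return False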
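def perm_check(*args, **kwargs):
    """Decide whether the requesting user may perform the current request.

    Steps:
      1. Take the URL of the current request.
      2. Resolve it back to its url_name (alias).
      3. Check that the user is logged in.
      4. Match url_name, method and parameters against ``perm_dic``.
      5. Call ``user.has_perm`` with the matched ``perm_dic`` key.

    Each entry is ``key -> [url_name, method, args, kwargs]`` with an
    optional fifth element, a hook called as ``hook(request)`` that returns
    True or False.

    Returns:
        A redirect to ``settings.LOGIN_URL`` for an unauthenticated user,
        ``True`` when the user holds the matched permission and ``False``
        otherwise. A request that matches no entry is denied explicitly
        (the original returned ``None`` implicitly).
    """
    request = args[0]
    # resolve() returns a ResolverMatch for the request path; its url_name is
    # the alias of the current URL.
    current_url_name = resolve(request.path).url_name

    # is_authenticated is a method before Django 1.10 and a property from
    # 1.10 on (a plain bool from 2.0), so calling it unconditionally raises
    # TypeError on current Django. Accept both forms.
    is_authenticated = request.user.is_authenticated
    if callable(is_authenticated):
        is_authenticated = is_authenticated()

    if not is_authenticated:
        # The user must be logged in before any permission is evaluated.
        # NOTE(review): this returns a response object, which is truthy. A
        # caller that only tests `if perm_check(...)` would treat an anonymous
        # user as allowed; confirm the caller returns this redirect instead.
        return redirect(settings.LOGIN_URL)

    match_key = None
    for permission_key, permission_val in perm_dic.items():
        per_url_name = permission_val[0]
        per_method = permission_val[1]
        perm_args = permission_val[2]
        perm_kwargs = permission_val[3]
        # The hook is optional, so check the length before reading it.
        perm_hook_func = permission_val[4] if len(permission_val) > 4 else None

        if per_url_name != current_url_name or per_method != request.method:
            continue

        # [] parameters that only have to be present (an empty list passes).
        args_matched = all(
            getattr(request, per_method).get(item, None)  # request.GET/POST
            for item in perm_args
        )

        # {} parameters whose value must match as well.
        kwargs_matched = all(
            getattr(request, per_method).get(k, None) == str(v)
            for k, v in perm_kwargs.items()
        )

        # Custom hook; an entry without a hook passes this step.
        perm_hook_matched = True
        if perm_hook_func:
            perm_hook_matched = perm_hook_func(request)

        if args_matched and kwargs_matched and perm_hook_matched:
            match_key = permission_key
            break

    if match_key is None:
        print("無此權限")
        return False  # deny by default when nothing matched

    # The first piece is the app label, the rest goes to per_name.
    app_name, *per_name = match_key.split('_')
    print(app_name, *per_name)
    perm_obj = '%s.%s' % (app_name, match_key)  # e.g. crm.crm_table_index
    # has_perm takes "<app_label>.<permission name>".
    if request.user.has_perm(perm_obj):
        print('有權限')
        return True
    print('無權限')
    return False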
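def perm_check(*args, **kwargs):
    """Decide whether the requesting user may perform the current request.

    Each ``perm_dic`` entry is ``key -> [url_name, method, args, kwargs]``
    with an optional fifth element, a hook called as ``hook(request)``. An
    entry matches when url_name and method are equal, every name in ``args``
    is present with a non-empty value, every ``kwargs`` item equals the
    request value (compared as ``str``), and the hook, if defined, returns a
    truthy value. The first matching key is checked with
    ``user.has_perm('<app>.<key>')``.

    Returns:
        A redirect to ``settings.LOGIN_URL`` for an unauthenticated user,
        ``True`` when the user holds the matched permission and ``False``
        otherwise. A request that matches no entry is denied explicitly
        (the original returned ``None`` implicitly).
    """
    request = args[0]
    # resolve() turns the path into an object that carries the alias url_name.
    current_url_name = resolve(request.path).url_name

    # is_authenticated is a method before Django 1.10 and a property from
    # 1.10 on (a plain bool from 2.0), so calling it unconditionally raises
    # TypeError on current Django. Accept both forms.
    is_authenticated = request.user.is_authenticated
    if callable(is_authenticated):
        is_authenticated = is_authenticated()
    print('---perm:', request.user, is_authenticated, current_url_name)

    if not is_authenticated:
        # NOTE(review): this returns a response object, which is truthy. A
        # caller that only tests `if perm_check(...)` would treat an anonymous
        # user as allowed; confirm the caller returns this redirect instead.
        return redirect(settings.LOGIN_URL)

    match_results = [None]
    match_key = None
    for permission_key, permission_val in perm_dic.items():
        per_url_name = permission_val[0]
        per_method = permission_val[1]
        perm_args = permission_val[2]
        perm_kwargs = permission_val[3]
        # The fifth element, when present, is a hook function object.
        perm_hook_func = permission_val[4] if len(permission_val) > 4 else None

        # The entry applies only to the same URL alias and the same method
        # (GET, POST, ...).
        if per_url_name != current_url_name or per_method != request.method:
            continue

        # Required parameter names: all must be present (an empty list passes).
        args_matched = True
        for item in perm_args:
            request_method_func = getattr(request, per_method)  # request.GET/POST
            if not request_method_func.get(item, None):
                print("arg not match......")
                args_matched = False
                break

        # Required parameter values, e.g. the request must carry user_id=3.
        kwargs_matched = True
        for k, v in perm_kwargs.items():
            request_method_func = getattr(request, per_method)
            arg_val = request_method_func.get(k, None)
            print("perm kwargs check:", arg_val, type(arg_val), v, type(v))
            if arg_val != str(v):
                kwargs_matched = False
                break

        # The original started this flag at False and only changed it when a
        # hook existed, so an entry without a hook could never match even
        # though the hook is optional. An absent hook now passes this step;
        # has_perm() below remains the authorization gate.
        perm_hook_matched = True
        if perm_hook_func:
            perm_hook_matched = perm_hook_func(request)

        match_results = [args_matched, kwargs_matched, perm_hook_matched]
        print("--->match_results ", match_results)
        if all(match_results):
            match_key = permission_key  # remember the key of the matched entry
            break

    if match_key is None:
        print("未匹配到权限项,当前用户无权限")
        return False  # deny by default when nothing matched

    app_name, *per_name = match_key.split('_')
    print("--->matched ", match_results, match_key)
    print(app_name, *per_name)
    perm_obj = '%s.%s' % (app_name, match_key)
    print("perm str:", perm_obj)
    if request.user.has_perm(perm_obj):
        print('当前用户有此权限')
        return True
    print('当前用户没有该权限')
    return False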