修改上一篇文章创建的用户表
from django.contrib.auth.hashers import make_password, check_password
from django.contrib.auth.models import AbstractBaseUser
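class User(AbstractBaseUser):
    """Custom user model stored in ``blog_user``; the login name is a phone number.

    Password handling is delegated to ``AbstractBaseUser`` rather than
    re-implemented with ``make_password`` / ``check_password``. The base
    class records the raw password so the configured password validators
    are notified on save, and it re-hashes the stored value on a
    successful check when the hasher settings have changed. A hand-written
    override drops both behaviours.
    """

    # Login identifier (verbose_name marks it as a phone number).
    username = models.CharField(max_length=255, unique=True, verbose_name="手机号")
    # Holds the encoded hash produced by set_password(), never the raw password.
    password = models.CharField(max_length=255, unique=False, verbose_name="密码")
    is_vip = models.BooleanField(default=False, verbose_name="是否为vip")
    # NOTE(review): auto_now_add stamps this with the row's creation time and
    # ignores any value supplied at creation; confirm that is the intended
    # starting point for an expiry date.
    vip_expires_at = models.DateTimeField(auto_now_add=True, verbose_name="vip过期时间")
    is_active = models.BooleanField(default=True)

    USERNAME_FIELD = 'username'

    def set_password(self, raw_password):
        """Hash ``raw_password`` and store the result in ``self.password``.

        The instance is not saved; the caller must call ``save()``.
        """
        super().set_password(raw_password)

    def check_password(self, raw_password):
        """Return True when ``raw_password`` matches the stored hash.

        On a match, the base implementation may also re-hash and save the
        password if the stored hash uses outdated hasher parameters.
        """
        return super().check_password(raw_password)

    class Meta:
        db_table = "blog_user"
        verbose_name = "用户表"
        verbose_name_plural = verbose_name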
角色权限表
角色表
class Role(models.Model):
    """A named role; rows are stored in the ``blog_role`` table."""

    # Display name of the role, limited to 16 characters.
    role_name = models.CharField(verbose_name='角色名字', max_length=16)

    class Meta:
        verbose_name = "角色表"
        verbose_name_plural = verbose_name
        db_table = "blog_role"
class Access(models.Model):
    """One permission entry (name, route, request method, type) in ``blog_access``."""

    # Human-readable permission name.
    name = models.CharField(verbose_name='用户权限名称', max_length=256)
    # Route the permission applies to.
    path = models.CharField(verbose_name='用户权限路由', max_length=256)
    # Request method the permission applies to.
    method = models.CharField(verbose_name='用户权限请求方式', max_length=16)
    # Optional permission type; may be NULL or blank.
    types = models.CharField(
        verbose_name='权限类型',
        max_length=10,
        null=True,
        blank=True,
    )

    class Meta:
        verbose_name = "权限表"
        verbose_name_plural = verbose_name
        db_table = "blog_access"
class UserRole(models.Model):
    """Link row assigning a role to a user, stored in ``blog_user_role``."""

    # NOTE(review): both ids are plain nullable integers, not ForeignKeys, so
    # the database does not enforce that the referenced user or role exists.
    user_id = models.IntegerField(verbose_name='用户ID', blank=True, null=True)
    role_id = models.IntegerField(verbose_name='角色ID', blank=True, null=True)

    class Meta:
        verbose_name = "用户角色表"
        verbose_name_plural = verbose_name
        db_table = "blog_user_role"
class RoleAccess(models.Model):
    """Link row granting a permission to a role, stored in ``blog_role_access``."""

    # NOTE(review): both ids are plain nullable integers, not ForeignKeys, so
    # a row can outlive the role or permission it points at.
    role_id = models.IntegerField(verbose_name='角色ID', blank=True, null=True)
    acc_id = models.IntegerField(verbose_name='权限ID', blank=True, null=True)

    class Meta:
        verbose_name = "角色权限表"
        verbose_name_plural = verbose_name
        db_table = "blog_role_access"
在settings.py中配置自定义用户模型
数据库迁移
# Generate migration files for the model changes.
python manage.py makemigrations
# Apply the pending migrations to the database.
python manage.py migrate
在app:userauth的视图中写一个获取用户信息的接口
from rest_framework.views import APIView
from rest_framework.response import Response
from userauth.models import User
from systemauth.models import Role, Access, UserRole, RoleAccess
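class UserInfoView(APIView):
    """Look up the caller's permissions and cache them in the session."""

    def post(self, request, *args, **kwargs):
        """Resolve user -> roles -> permissions and return the permission list.

        The list is also written to ``request.session['permission_info']``.
        It is a snapshot: role or permission changes made afterwards are
        not reflected in the session until this endpoint is called again.

        Returns:
            Response with ``{'permission_info': [...]}``; status 401 with
            an empty list when the request is not authenticated.
        """
        # Nothing in this view restricts it to authenticated callers (unless
        # project-wide DRF defaults do). An anonymous user has an empty
        # username, which would make the lookup below raise.
        if not getattr(request.user, 'is_authenticated', False):
            return Response({'permission_info': []}, status=401)

        print('获取用户信息',request.user.username)
        user_info = User.objects.get(username=request.user.username)

        # Collect the role ids, not the primary keys of the link rows: using
        # the link row's own id would resolve permissions for unrelated roles.
        user_roles = UserRole.objects.filter(user_id=user_info.id)
        role_id_lst = [user_role.role_id for user_role in user_roles]

        role_access_info = RoleAccess.objects.filter(role_id__in=role_id_lst)
        access_id_lst = [role_access.acc_id for role_access in role_access_info]

        permission_info = [
            {
                'name': access.name,
                'path': access.path,
                'method': access.method,
                'types': access.types,
            }
            for access in Access.objects.filter(id__in=access_id_lst)
        ]

        request.session['permission_info'] = permission_info
        return Response({'permission_info': permission_info})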
在utils目录中编写权限中间件permission.py
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import HttpResponse
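class PermissionMiddleware(MiddlewareMixin):
    """Reject requests whose path is not in the session's permission list.

    The check reads ``request.session``, so this middleware has to run
    after the session middleware. Unknown paths are denied (fail closed).
    """

    def process_request(self, request):
        """Return None to let the request through, or a 403 response to block it."""
        print('RABC权限中间件')
        request_path = request.path

        # Routes that must be reachable before any permissions are cached.
        white_lst = ['/userauth/login/', "/userauth/userinfo/"]
        if request_path in white_lst:
            return None

        # Whatever was last stored in the session; an empty list denies everything.
        permission_info = request.session.get('permission_info',[])

        # NOTE(review): only the path is compared. Each entry also carries a
        # 'method' value that is ignored here, so a grant for one HTTP method
        # covers every method on that path. Confirm the stored format before
        # also matching on request.method.
        permitted_paths = {info.get('path') for info in permission_info}
        if request_path in permitted_paths:
            return None

        # Deny with 403 rather than the default 200, so clients, proxies and
        # log-based monitoring can tell a refusal from a successful response.
        return HttpResponse("您没有访问权限", status=403)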
在settings.py的MIDDLEWARE中配置自定义权限中间件;该中间件读取request.session,因此必须排在SessionMiddleware之后。
在表中配置一些测试数据,然后用postman进行测试。