In a web project, different users need different permissions. The following modules cover almost all everyday permission control:
permission_hook.py: custom permission checks. Each hook must return True or False: True grants the permission, False rejects the request.
permission_list.py: controls user permissions according to URL, request method and parameters.
permissions.py: first determines whether the user has the permission listed in permission_list.py. If that check passes, the user's custom permission hook is verified last.
Example:
permission_hook.py:
def check_self_user(request):
    """Reject a customer-list request whose ``consultant`` filter names someone else.

    Returns True when the ``consultant`` query parameter equals the logged-in
    user's id, and also when the parameter is absent or empty. Returns False
    when the parameter names a different consultant.

    NOTE(review): a request that simply omits ``consultant`` passes this hook,
    so the hook alone does not limit which rows the view returns. Presumably
    the list view also scopes its queryset to request.user; confirm against
    the view.
    """
    consultant = request.GET.get('consultant')
    if consultant == str(request.user.id):
        return True
    if not consultant:
        # No filter supplied: there is nothing to compare, so the hook passes.
        return True
    print('Prohibit viewing non own customers')
    return False
permission_list.py: controls user permissions according to URL, request method and parameters.
from kingadmin import permission_hook

# Maps a permission codename to the request it covers. Each value is
#   [url_name, HTTP method, required parameter names,
#    required parameter values, optional hook]
# check_permission() in permissions.py reads these fields by position and
# treats a fifth element, when present, as a hook called with the request.
# The key is also used to build the Django permission name: the text before
# the first underscore is taken as the app label, so 'crm_table_obj_list' is
# checked with has_perm as 'crm.crm_table_obj_list'.
permission_dict = {
    # List page; the hook additionally inspects the 'consultant' filter.
    'crm_table_obj_list': [
        'table_obj_list',
        'GET',
        [],
        {},
        permission_hook.check_self_user,
    ],
    # Opening the change page (GET) and submitting it (POST) are separate
    # permissions on the same url name.
    'crm_table_obj_view': [
        'table_obj_change',
        'GET',
        [],
        {},
    ],
    'crm_table_obj_change': [
        'table_obj_change',
        'POST',
        [],
        {},
    ],
}
permissions.py
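from django.core.urlresolvers import resolve
from kingadmin.permission_list import permission_dict
from django.shortcuts import redirect,render,HttpResponse
from django.utils.safestring import mark_safe


def check_permission(*args,**kwargs):
    """Decide whether the current request is allowed by permission_dict.

    args[0] must be the Django request object.

    Returns:
        a redirect response to /login/ when the user is not authenticated;
        True when an entry of permission_dict matches the request (url name,
        method, required parameters, required parameter values, optional hook)
        and the user holds the matching Django permission;
        False in every other case, including when no entry matches.
    """
    request=args[0]
    request_url=resolve(request.path).url_name
    match_key=None
    # is_authenticated is called as a method here, as in the original code;
    # NOTE(review): this and django.core.urlresolvers suggest a pre-2.0 Django.
    if request.user.is_authenticated() is False:
        return redirect('/login/')
    for permission_key,val in permission_dict.items():
        print('implement args Permission check-------------')
        per_url=val[0]
        per_method=val[1]
        per_args=val[2]
        per_kwargs=val[3]
        per_hook_func=val[4] if len(val) > 4 else None
        if request_url != per_url or request.method != per_method:
            continue
        # request.GET or request.POST, selected by the entry's method name.
        request_func=getattr(request,per_method)
        # Every listed parameter name must be present with a non-empty value.
        args_check=False
        for arg in per_args:
            if request_func.get(arg,None):
                args_check=True
                print('existence arg parameter')
            else:
                print('The specified does not exist arg parameter')
                args_check=False
                break
        else:
            print('No permission restriction, pass by default')
            args_check=True
        # Every listed parameter must carry exactly the configured value.
        kwarg_check=False
        for arg_name,arg_val in per_kwargs.items():
            print('implement kwargs Permission check-------------')
            if request_func.get(arg_name) == str(arg_val):
                kwarg_check=True
            else:
                kwarg_check=False
                break
        else:
            kwarg_check=True
            print('Not done kwargs Limit, pass by default')
        print('Execute user-defined hook function')
        per_func=per_hook_func(request) if per_hook_func else True
        per_res=[args_check,kwarg_check,per_func]
        if all(per_res):
            match_key=permission_key
            print('Permission matching results:',per_res)
            break
    # Deny by default. The original tested all(per_res) here, but per_res was
    # only assigned inside the loop, so a request matching no entry raised
    # NameError instead of being rejected.
    if match_key is None:
        print('No rights matched')
        return False
    appname=match_key.split('_',1)[0]
    per_obj='%s.%s'%(appname,match_key)
    if request.user.has_perm(per_obj):
        print('All permission checks passed')
        return True
    print('Permission check failed')
    return False


def check_per(func):
    """View decorator that runs check_permission before the wrapped view.

    The view is called only when check_permission returns exactly True. A
    falsy result produces a 403 response. Any other return value is a
    response object (the login redirect) and is returned unchanged.
    """
    def inner(*args,**kwargs):
        result=check_permission(*args,**kwargs)
        if result is True:
            return func(*args,**kwargs)
        if not result:
            # Send a real 403 status so clients, caches and monitoring do not
            # see the refusal as a successful 200 page.
            return HttpResponse(mark_safe("<h1>403 You don't have permission</h1>"),status=403)
        # The redirect object is truthy: testing "if not result" alone would
        # fall through to the view and serve it to an unauthenticated user.
        return result
    return inner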
Finally, you only need to add the decorator to each view where you want the permission check to apply:
from kingadmin.permissions import check_per


# check_per wraps the view, so check_permission receives the request as
# args[0] before the body below is reached.
@check_per
def table_obj_change(request):
    """Placeholder view body; only the decorator usage is shown here."""