3.基本权限验证之基于中间件实现权限信息校验

思路：编写中间件实现权限信息校验

# 导入中间件
from django.utils.deprecation import MiddlewareMixin
from django.shortcuts import render
import re

# 自定义类，继承MiddlewareMixin
class RbacMiddleware(MiddlewareMixin):
   def process_request(self, request):
      # 获取当前请求的url
      current_url = request.path_info

      # 白名单处理
      valid_url = ['^/login/$', '^/admin/.*']
      for reg in valid_url:
          if re.match(reg, current_url):
             return None
     
      # 获取当前用户session中的权限信息
      permission_list = request.session.get('permission')
      if not perimission:
         return redirect('/login/')
      
      # 进行权限校验
      flag = False
      for permission in permission_list:
          reg = '^%s$' % permission.get('permissions__url')   # ^是开头，$是结尾
          if re.match(reg, current_url):
             flag = True
             break
      if not flag:
      return HttpResponse('无权访问')

在setting中注册自定义的middleware

MIDDLEWARE = []