python-Web-django-路由保护 

from django.shortcuts import redirect,HttpResponse
from app01.models import *
import re

def ddff(module):
    '''登陆控制'''
    def deco(request):
        try:
            if request.session['manage_name']:
                return module(request)
            else:
                return redirect("/back/login/login/")
        except KeyError:
            return redirect("/back/login/login/")
    return deco

# list
def ddff_list(module):
    '''登陆控制'''
    def deco(request):
        try:
            if request.session['manage_name']:

                # 获取所有权限
                functions = getfunctions(request)
                # 获取url查询条件
                function_ = geturlf(request)
                if function_ in functions:
                    '''有权限'''
                    print('有权限')
                    return module(request)
                else:
                    '''无权限'''
                    print('无权限')
                    return HttpResponse('<h1 align="center">无权限</h1>')
                    # return redirect("/back/login/login/")
            else:
                return redirect("/back/login/login/")
        except KeyError:
            return redirect("/back/login/login/")
    return deco

# add
def defense_url(module):
    '''防御url'''
    def deco(request,aid=None):
        if aid != None:
            return module(request,aid)
        try:
            if request.session['manage_name']:

                # 获取所有权限
                functions = getfunctions(request)
                # 获取url查询条件
                function_ = geturlf(request)
                if function_ in functions:
                    '''有权限'''
                    print('有权限')
                    return module(request,aid)
                else:
                    '''无权限'''
                    print('无权限')
                    return HttpResponse('<h1 align="center">无权限</h1>')
                    # return redirect("/back/login/login/")
            else:
                return redirect("/back/login/login/")
        except KeyError:
            return redirect("/back/login/login/")
    return deco

def geturlf(request):
    '''url权限'''
    requesturl = request.path
    # 链接
    if re.findall('list', requesturl):
        function_ = Function.objects.filter(href_list=requesturl).first()
    elif re.findall('add', requesturl):
        function_ = Function.objects.filter(href_add=requesturl).first()
    else:
        function_ = Function.objects.filter(href_t=requesturl).first()
    return function_

def getfunctions(request):
    '''权限拼接'''
    manage_id = request.session['manage_id']
    if manage_id == 1:
        # 超管
        functions = Function.objects.all()
    else:
        functions = []
        manage_id = request.session['manage_id']
        # 个人所有职位
        mp_objs = MP.objects.filter(manage_id=manage_id)
        for mp_obj in mp_objs:
            # 一个职位所有权限
            pf_objs = PF.objects.filter(position_id=mp_obj.position_id)
            # 一个职位权限id列表
            id_list = []
            for pf_obj in pf_objs:
                id_str = (pf_obj.function).split(',')
                for i in id_str:
                    if i not in id_list:
                        id_list.append(i)
            print(id_list)
            for i in id_list:
                # 一个权限id对应一个权限
                function_obj = Function.objects.filter(id=i).first()
                if function_obj not in functions:
                    functions.append(function_obj)
                    # 一会做限制
    return functions

 

posted @ 2019-08-21 19:56  一觉昏睡人  阅读(360)  评论(0)    收藏  举报