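Back-end permission management for a Django project.
Back-end administrators are managed by role and by category; after logging in, each administrator sees only the areas they are responsible for.
Create the back-end management database tables
In models.py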
from django.db import models


# Administrator table
class Superuser(models.Model):
    super_id = models.AutoField(primary_key=True)
    super_name = models.CharField(max_length=255)
    # Holds the hash produced by make_password() in the views, not the plain-text password
    super_pwd = models.CharField(max_length=255)
    role = models.ManyToManyField(to='Role')


# Back-end menu table
class Menu(models.Model):
    """
    Menu table
    """
    name = models.CharField(verbose_name='菜单名', max_length=255)
    # null applies to the database: with null=True the column may be NULL (shown as YES in the Null column).
    # blank applies to forms: with blank=True the form field may be left empty; it has no effect on the database.
    path = models.CharField(verbose_name='路径', max_length=255, null=True, blank=True)
    pid = models.ForeignKey(verbose_name='关联的权限', to='Menu', null=True, blank=True, related_name='parents',
                            help_text='父id', on_delete=models.CASCADE)

    # def __str__(self):
    #     return self.name


# Permission table
class Permission(models.Model):
    """
    Permission table
    """
    name = models.CharField(verbose_name='权限名', max_length=255)
    # null / blank: see the comment on Menu.path
    path = models.CharField(verbose_name='路径', max_length=255, null=True, blank=True)
    pid = models.ForeignKey(verbose_name='关联的权限', to='Permission', null=True, blank=True, related_name='parents',
                            help_text='父id', on_delete=models.CASCADE)
    # One-to-many
    menu = models.ForeignKey(verbose_name='所属菜单', to='Menu', null=True, blank=True,
                             help_text='null表示不是菜单;非null表示是二级菜单', on_delete=models.CASCADE)

    # def __str__(self):
    #     return self.name


# Role table
class Role(models.Model):
    """
    Role table
    """
    name = models.CharField(verbose_name='角色名', max_length=255)
    # Comma-separated Permission ids this role may access
    access = models.CharField(verbose_name='可以访问的权限', max_length=255, null=True, blank=True)
Commands to create and apply the migrations
python manage.py makemigrations
python manage.py migrate
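Define a middleware in the app directory, in my_middleware.py, to make the permissions take effect. The module name must match the dotted path registered in settings.py.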
import json

from django.shortcuts import HttpResponse, redirect
from django.utils.deprecation import MiddlewareMixin

from blog.models import Role, Superuser, Menu, Permission


class AuthMiddleware(MiddlewareMixin):
    # Override process_request
    def process_request(self, request):
        # A path containing "back/" is a back-end path
        if 'back/' in request.path:
            # Id of the logged-in administrator
            super_id = request.session.get('super_id')
            # Not logged in: redirect to the login page
            if not super_id and request.path != '/back/index/login/':
                return redirect('/back/index/login/')
            if super_id:
                # Check whether the logged-in administrator may access this path
                super_obj = Superuser.objects.filter(super_id=super_id).first()
                if super_obj is None:
                    # The account was deleted while its session was still alive
                    request.session.flush()
                    return redirect('/back/index/login/')
                role_objs = super_obj.role.all().values('id')  # roles of the administrator
                permission_obj = Permission.objects.filter(path=request.path).first()  # permission for this path
                # Only a path that has a Permission row is checked; any other path passes through
                if permission_obj:
                    # Permission ids granted by all of the administrator's roles
                    permission_list = []
                    for role in role_objs:
                        access_obj = Role.objects.filter(id=role['id']).first()
                        # access is nullable; treat None as "no permissions"
                        permission_list.extend((access_obj.access or '').split(","))
                    # The permission id for this path is not in the list: refuse
                    if str(permission_obj.id) not in permission_list:
                        if request.method == 'POST':
                            res = {'status': 1, 'info': '无权限'}
                            return HttpResponse(json.dumps(res))
                        return HttpResponse("无权限")
        else:
            return None
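The decision the middleware makes, isolated as plain functions so it can be tested without Django. This is an added example, not code from the original post: page_decision mirrors the middleware above (a path with no Permission row is allowed), while strict_decision is a deny-by-default variant that also maps a trailing object id back to its registered path. The sample permission table, PUBLIC_PATHS and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample data standing in for Permission rows: {id: path}.
PERMISSIONS = {
    1: "/back/article/menu_add/",
    2: "/back/article/role_add/",
    3: "/back/article/editor_role/",   # registered without the trailing object id
    4: "/back/article/super_add/",
}
# Paths reachable without any permission (assumption: only the login page).
PUBLIC_PATHS = {"/back/index/login/"}

_TRAILING_ID = re.compile(r"^(.*/)\d+/?$")


def parse_access(access):
    """Turn a Role.access string such as '1,2, 3' into a set of ints.

    Tolerates None, empty items, surrounding blanks and non-numeric junk.
    """
    ids = set()
    for part in (access or "").split(","):
        part = part.strip()
        if part.isascii() and part.isdigit():
            ids.add(int(part))
    return ids


def normalize(path):
    """Strip a trailing numeric id: '/back/article/editor_role/5/' -> '/back/article/editor_role/'."""
    match = _TRAILING_ID.match(path)
    return match.group(1) if match else path


def find_permission_id(path, permissions):
    """Exact lookup, like Permission.objects.filter(path=...).first()."""
    for pid, registered in permissions.items():
        if registered == path:
            return pid
    return None


def page_decision(path, role_access, permissions=PERMISSIONS):
    """Behaviour of the middleware above: unregistered paths are allowed."""
    pid = find_permission_id(path, permissions)
    if pid is None:
        return True
    granted = []
    for access in role_access:
        granted.extend((access or "").split(","))
    return str(pid) in granted


def strict_decision(path, role_access, permissions=PERMISSIONS, public=PUBLIC_PATHS):
    """Deny by default: only public paths and explicitly granted permissions pass."""
    if path in public:
        return True
    pid = find_permission_id(path, permissions)
    if pid is None:
        pid = find_permission_id(normalize(path), permissions)
    if pid is None:
        return False
    granted = set()
    for access in role_access:
        granted |= parse_access(access)
    return pid in granted


if __name__ == "__main__":
    roles = ["1,2", None]  # constructed: one role with two permissions, one with none
    for p in ("/back/article/menu_add/", "/back/article/super_add/",
              "/back/article/editor_role/5/", "/back/unknown/"):
        print(p, page_decision(p, roles), strict_decision(p, roles))
```

With the strict variant every back-end URL needs a Permission row (or an entry in the public set) before anyone can reach it, so a view added later is closed until it is registered.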
Register the middleware in settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'blog.my_middlewares.AuthMiddleware',
]
Implementing the features
Menu management
Front-end includes
<script src="/static/jQuery-1.8.2.min.js"></script>
<script src="/static/layer/layer.js"></script>
Front-end HTML
# Menu list, delete, edit
<table class="tablelist">
<thead>
<tr>
{# <th><input name="" type="checkbox" value="" checked="checked"/></th>#}
<th>菜单序号<i class="sort"><img src="/static/back/images/px.gif"/></i></th>
<th>菜单名称</th>
<th>菜单等级</th>
<th>上级菜单</th>
<th>操作</th>
</tr>
</thead>
<tbody>
{% for v in menu_list %}
<tr>
{# <td><input name="" type="checkbox" value=""/></td>#}
<td>{{ forloop.counter }}</td>
<td>{{ v.name }}</td> <td>
<h6>一级菜单</h6>
</td>
<td>
<h6>无</h6>
</td> <td>
<a href="javascript:;" data-id="{{ v.id }}" class="tablelink del_1">删除</a>
<a href="/back/article/editor_menu_f/{{ v.id }}/" data-editor="{{ v.super_id }}"
class="tablelink editor">编辑</a> </td> </tr>
{% endfor %}
{% for v in menu_list_z %}
<tr>
{# <td><input name="" type="checkbox" value=""/></td>#}
<td>{{ forloop.counter }}</td>
<td>{{ v.name }}</td> <td>
<h6>二级菜单</h6>
</td>
<td>
<h6>{{ v.pid.name }}</h6>
</td> <td>
<a href="javascript:;" data-id="{{ v.id }}" class="tablelink del_2">删除</a>
<a href="/back/article/editor_menu_z/{{ v.id }}/" data-editor="{{ v.super_id }}"
class="tablelink editor">编辑</a> </td> </tr>
{% endfor %} </tbody>
</table>
# Add a menu
<form method="post" onsubmit="return false" id="menu_1">
{% csrf_token %}
<table class="tablelist">
<thead>
<tr>
<th>新增一级菜单</th>
</tr>
<tr>
<th style="border: 1px #9C9C9C solid;"><input type="text" placeholder="输入菜单名称" name="menu_name">
</th>
</tr>
</thead>
</table>
<input type="button" value="提交" id="onsubmit" style="width: 100px; height: 30px;">
</form>
<br><br>
<form method="post" onsubmit="return false" id="menu_2">
{% csrf_token %}
<table class="tablelist">
<thead>
<tr>
<th>新增二级菜单</th>
</tr>
<tr>
<th style="border: 1px #9C9C9C solid;"><input type="text" placeholder="输入菜单名称" name="menu_name">
</th>
<th style="border: 1px #9C9C9C solid;"><input type="text" placeholder="输入菜单路径" name="menu_path">
</th> <th> <select name="pid">
<option value="" style="display: none">选择所属一级菜单</option>
{% for v in menu_list %}
<option value="{{ v.id }}">{{ v.name }}</option>
{% endfor %}
</select> </th> </tr>
</thead>
</table> <input type="button" value="提交" id="onsubmit2" style="width: 100px; height: 30px;">
</form>
Front-end JS
<script>
{# Add a top-level menu #}
$(document).ready(function () {
$('#onsubmit').click(function () {
$.post('/back/article/menu_add/', $('#menu_1').serialize(), function (data) {
if (data['status'] == 0) {
layer.msg(data['info'])
location.href='/back/article/menu_add/'
} else {
layer.msg(data['info'])
}
}, 'json')
})
})
{# Add a second-level menu #}
$(document).ready(function () {
$('#onsubmit2').click(function () {
$.post('/back/article/menu_add1/', $('#menu_2').serialize(), function (data) {
if (data['status'] == 0) {
layer.msg(data['info'])
location.href='/back/article/menu_add/'
} else {
layer.msg(data['info'])
}
}, 'json')
})
});
{# Delete a top-level menu #}
$(document).ready(function () {
$('.del_1').click(function () {
_this=this;
layer.confirm('删除一级菜单会连带删除所属二级菜单,确定删除吗?',{
btn:['确定','取消']
},function(){
id=$(_this).data('id');
$.post('/back/article/menu_del_f/',{'id':id,'csrfmiddlewaretoken':'{{ csrf_token }}'},function (data) {
if (data['status']==0){
layer.msg(data['info'])
location.href='/back/article/menu_add/'
}else {
layer.msg(data['info'])
}
},'json')
},function () { }) })
})
{# Delete a second-level menu #}
$(document).ready(function () {
$('.del_2').click(function () {
_this=this;
layer.confirm('确定删除这个二级菜单吗?',{
btn:['确定','取消']
},function(){
id=$(_this).data('id');
$.post('/back/article/menu_del_z/',{'id':id,'csrfmiddlewaretoken':'{{ csrf_token }}'},function (data) {
if (data['status']==0){
layer.msg(data['info'])
location.href='/back/article/menu_add/'
}else {
layer.msg(data['info'])
}
},'json')
},function () { }) })
})
</script>
Routes
# Add a top-level menu
re_path('article/menu_add/', article.menu_add, name='article/menu_add/'),
# Add a second-level menu
re_path('article/menu_add1/', article.menu_add1, name='article/menu_add1/'),
# Delete a top-level menu
re_path('article/menu_del_f/', article.menu_del_f, name='article/menu_del_f/'),
# Delete a second-level menu
re_path('article/menu_del_z/', article.menu_del_z, name='article/menu_del_z/'),
# Edit a top-level menu (raw string so that \d reaches the regex engine unchanged)
re_path(r'article/editor_menu_f/(\d+)/', article.editor_menu_f, name='article/editor_menu_f/'),
# Edit a second-level menu
re_path(r'article/editor_menu_z/(\d+)/', article.editor_menu_z, name='article/editor_menu_z/'),
Views
import json
from collections import OrderedDict

from django.contrib.auth.hashers import make_password
from django.shortcuts import HttpResponse, render

from blog.models import Menu, Permission, Role, Superuser


# Add a top-level menu
def menu_add(request):
    menu_list = Menu.objects.filter(pid__isnull=True)
    menu_list_z = Menu.objects.filter(pid__isnull=False)
    if request.method == 'POST':
        res = {'status': None, 'info': None}
        menu_name = request.POST.get('menu_name')
        menu_name_f_obj = Menu.objects.filter(name=menu_name, pid_id__isnull=True)
        if menu_name_f_obj:
            res = {'status': 1, 'info': '菜单名称已存在,请重新编辑'}
            return HttpResponse(json.dumps(res))
        if menu_name:
            menu_obj = Menu.objects.create(name=menu_name)
            if menu_obj:
                # Every menu gets a matching Permission row
                permission_obj = Permission.objects.create(name=menu_name, menu_id=menu_obj.id)
                res = {'status': 0, 'info': '添加成功'}
            else:
                res = {'status': 1, 'info': '添加失败'}
            return HttpResponse(json.dumps(res))
        else:
            res = {'status': 2, 'info': '请输入菜单名称'}
            return HttpResponse(json.dumps(res))
    return render(request, 'article/menu_add.html', locals())


# Add a second-level menu
def menu_add1(request):
    if request.method == 'POST':
        res = {'status': None, 'info': None}
        menu_name = request.POST.get('menu_name')
        menu_path = request.POST.get('menu_path')
        pid = request.POST.get('pid')
        menu_name_z_obj = Menu.objects.filter(name=menu_name, pid_id__isnull=False)
        if menu_name_z_obj:
            res = {'status': 1, 'info': '菜单名称已存在,请重新编辑'}
            return HttpResponse(json.dumps(res))
        if not menu_name:
            res = {'status': 1, 'info': '未输入菜单名称'}
            return HttpResponse(json.dumps(res))
        if not menu_path:
            res = {'status': 2, 'info': '未输入菜单路径'}
            return HttpResponse(json.dumps(res))
        # The parent menu must exist and have its Permission row before anything is created
        parent_permission = Permission.objects.filter(menu_id=pid).first() if pid else None
        if parent_permission is None:
            res = {'status': 3, 'info': '未选择所属一级菜单'}
            return HttpResponse(json.dumps(res))
        menu_obj = Menu.objects.create(name=menu_name, path=menu_path, pid_id=pid)
        if menu_obj:
            permission_obj = Permission.objects.create(name=menu_name, path=menu_path, menu_id=menu_obj.id,
                                                       pid_id=parent_permission.id)
            res = {'status': 0, 'info': '添加成功'}
        else:
            res = {'status': 1, 'info': '添加失败'}
        return HttpResponse(json.dumps(res))


# Delete a top-level menu
def menu_del_f(request):
    if request.method == 'POST':
        res = {'status': None, 'info': None}
        menu_id = request.POST.get('id')
        if not menu_id:
            res = {'status': 1, 'info': '异常'}
            return HttpResponse(json.dumps(res))
        # Remove the permission rows first, then the child menus, then the menu itself
        permission_f = Permission.objects.filter(menu_id=menu_id).values('id').first()
        if permission_f:
            Permission.objects.filter(pid_id=permission_f['id']).delete()
        Permission.objects.filter(menu_id=menu_id).delete()
        Menu.objects.filter(pid_id=menu_id).delete()
        # delete() returns (rows_deleted, per_model_counts); test the count, the tuple itself is always truthy
        menu_deleted, _ = Menu.objects.filter(id=menu_id).delete()
        if menu_deleted:
            res = {'status': 0, 'info': '删除成功'}
        else:
            res = {'status': 2, 'info': '删除失败'}
        return HttpResponse(json.dumps(res))
    return HttpResponse('ok')


# Delete a second-level menu
def menu_del_z(request):
    if request.method == 'POST':
        res = {'status': None, 'info': None}
        menu_id = request.POST.get('id')
        if not menu_id:
            res = {'status': 1, 'info': '异常'}
            return HttpResponse(json.dumps(res))
        Permission.objects.filter(menu_id=menu_id).delete()
        # Test the deleted-row count, not the always-truthy tuple
        menu_deleted, _ = Menu.objects.filter(id=menu_id).delete()
        if menu_deleted:
            res = {'status': 0, 'info': '删除成功'}
        else:
            res = {'status': 2, 'info': '删除失败,请联系技术人员'}
        return HttpResponse(json.dumps(res))
    return HttpResponse('ok')


# Edit a top-level menu
def editor_menu_f(request, id):
    menu_f_obj = Menu.objects.filter(id=id).first().name
    if request.method == 'POST':
        menu_f_name = request.POST.get('menu_f')
        if not menu_f_name:
            res = {'status': 1, 'info': '未输入菜单名称'}
            return HttpResponse(json.dumps(res))
        menu_f_name_obj = Menu.objects.filter(name=menu_f_name, pid_id__isnull=True)
        if menu_f_name_obj and menu_f_name != menu_f_obj:
            res = {'status': 1, 'info': '菜单名称已存在,请重新编辑'}
            return HttpResponse(json.dumps(res))
        menu_obj = Menu.objects.filter(id=id).update(name=menu_f_name)
        permission_obj = Permission.objects.filter(menu_id=id).update(name=menu_f_name)
        if menu_obj and permission_obj:
            res = {'status': 0, 'info': '修改成功'}
        else:
            res = {'status': 1, 'info': '修改失败,请联系技术人员'}
        return HttpResponse(json.dumps(res))
    return render(request, 'article/editor_menu_f.html', locals())


# Edit a second-level menu
def editor_menu_z(request, id):
    menu_obj = Menu.objects.filter(id=id).first()
    menu_list = Menu.objects.filter(pid_id__isnull=True)
    if request.method == 'POST':
        res = {'status': None, 'info': None}
        menu_name = request.POST.get('menu_name')
        menu_path = request.POST.get('menu_path')
        pid = request.POST.get('pid')
        menu_name_z_obj = Menu.objects.filter(name=menu_name, pid_id__isnull=False)
        if menu_name_z_obj and menu_name != menu_obj.name:
            res = {'status': 1, 'info': '菜单名称已存在,请重新编辑'}
            return HttpResponse(json.dumps(res))
        if not menu_name:
            res = {'status': 1, 'info': '未输入菜单名称'}
            return HttpResponse(json.dumps(res))
        if not menu_path:
            res = {'status': 2, 'info': '未输入菜单路径'}
            return HttpResponse(json.dumps(res))
        # The new parent menu must exist and have its Permission row
        parent_permission = Permission.objects.filter(menu_id=pid).first() if pid else None
        if parent_permission is None:
            res = {'status': 3, 'info': '未选择所属一级菜单'}
            return HttpResponse(json.dumps(res))
        menu_obj = Menu.objects.filter(id=id).update(name=menu_name, path=menu_path, pid_id=pid)
        if menu_obj:
            permission_obj = Permission.objects.filter(menu_id=id).update(name=menu_name, path=menu_path,
                                                                          pid_id=parent_permission.id)
            res = {'status': 0, 'info': '修改成功'}
        else:
            res = {'status': 1, 'info': '修改失败,请联系技术人员'}
        return HttpResponse(json.dumps(res))
    return render(request, 'article/editor_menu_z.html', locals())
# Role management
Front-end includes
<script src="/static/jQuery-1.8.2.min.js"></script>
<script src="/static/layer/layer.js"></script>
Front-end page
<div id="tab2" class="tabson">
<table class="tablelist">
<thead>
<tr>
{# <th><input name="" type="checkbox" value="" checked="checked"/></th>#}
<th>角色序号<i class="sort"><img src="/static/back/images/px.gif"/></i></th>
<th>角色名称</th>
{# <th>角色权限</th>#}
<th>操作</th>
</tr>
</thead>
<tbody>
{% for v in role_obj %}
<tr>
{# <td><input name="" type="checkbox" value=""/></td>#}
<td>{{ forloop.counter }}</td>
<td>{{ v.name }}</td>
{% if v.id == 4 %}
<td>
<h6>不能对超级管理员进行操作</h6>
</td>
{% else %}
<td>
<a href="javascript:;" data-id="{{ v.id }}" class="tablelink del">删除</a>
<a href="/back/article/editor_role/{{ v.id }}/" data-editor="{{ v.super_id }}"
class="tablelink editor">编辑</a>
{# <a href="/back/article/role_add1/{{ v.id }}"> >>设置权限</a>#}
</td>
{% endif %} </tr>
{% endfor %} </tbody>
</table> {#######################################################################} <br><br> </div> <th><a href="/back/article/role_add1/">>>新增角色 </a></th>
HTML for adding a role
<script src="/static/jQuery-1.8.2.min.js"></script>
<script src="/static/layer/layer.js"></script> <form method="post" onsubmit="return false">
{% csrf_token %} <table class="tablelist">
<thead>
<tr>
<th>角色名称: <input type="text" name="role_name" placeholder="输入角色名称"></th>
</tr>
<tr>
<th>
选择所有权限: <br>
{% for k,v in permission_all.items %}
<input class="checkall" type="checkbox" name="check[]" id="{{ v.id }}" value="{{ v.id }}"
{% if v.id|safe in permission_current %} checked="checked" {% endif %}>
<label for="{{ v.id }}">{{ v.name }}</label>
<div>{% for v2 in v.children %}<input class="check" type="checkbox" id="{{ v2.id }}" value="{{ v2.id }}" name="check[]" {% if v2.id|safe in permission_current %} checked="checked" {% endif %}><label for="{{ v2.id }}">{{ v2.name }}</label> {% endfor %}</div>
{% endfor %}
</th> </tr>
</thead>
</table> <input type="button" value="提交" id="onsubmit" style="width: 100px; height: 30px;">
<br><br> </form>
# JS
<script>
{# Create a role #}
$(document).ready(function () {
$('#onsubmit').click(function () {
_this = this;
id = $(_this).data('id');
console.log(id);
$.post('/back/article/role_add1/', $('form').serialize(), function (data) {
if (data['status'] == 0) {
layer.msg(data['info']);
location.href='/back/article/role_add/'
} else {
layer.msg(data['info'])
}
}, 'json')
})
});
{# Select or deselect all children within one group #}
$(document).on('click','.checkall',function () {
$(this).next().next().children().prop('checked',$(this).prop('checked'))
});
{# The parent box is checked only while no child box in the same group is unchecked #}
$(document).on('click','.check',function () {
$(this).parent().prev().prev().prop('checked',!$(this).parent().children('.check:not(:checked)').length)
});
</script>
Front-end JS
<script>
{# Add a position #}
$(document).ready(function () {
$('#onsubmit').click(function () {
$.post('/back/article/role_add/', $('#role_1').serialize(), function (data) {
if (data['status'] == 0) {
layer.msg(data['info']);
location.href = '/back/article/role_add/'
} else {
layer.msg(data['info'])
}
}, 'json')
})
});
{# Delete a role #}
$('.del').click(function () {
_this = this;
layer.confirm('删除后不可恢复,确定删除吗?', {
btn: ['确定', '取消']
}, function () {
id = $(_this).data('id');
$.post('/back/article/role_del/', {'id': id, 'csrfmiddlewaretoken': '{{ csrf_token }}'}, function (data) {
if (data['status'] == 0) {
layer.msg(data['info']);
$(_this).parent().parent().remove()
} else {
layer.msg(data['info'])
}
}, 'json')
}, function () { }); });
</script>
Routes
# Role list
re_path('article/role_add/', article.role_add, name='article/role_add/'),
# Add a role
re_path('article/role_add1/', article.role_add1, name='article/role_add1/'),
# Delete a role
re_path('article/role_del/', article.role_del, name='article/role_del/'),
# Edit a role (raw string so that \d reaches the regex engine unchanged)
re_path(r'article/editor_role/(\d+)/', article.editor_role, name='article/editor_role/'),
Views
# Role list
def role_add(request):
    permission_obj = Permission.objects.filter(pid__isnull=False)
    role_obj = Role.objects.all()
    permission_list = []
    permission_obj_new = Permission.objects.filter(pid__isnull=True)
    if request.method == 'POST':
        res = {'status': None, 'info': None}
        role = request.POST.get('role')
        if not role:
            res = {'status': 1, 'info': '未输入职位名称'}
            return HttpResponse(json.dumps(res))
        role_new = Role.objects.create(name=role)
        if role_new:
            res = {'status': 0, 'info': '添加成功'}
        else:
            res = {'status': 2, 'info': '添加失败'}
        return HttpResponse(json.dumps(res))
    return render(request, 'article/role_add.html', locals())


# Add a role
def role_add1(request):
    # Top-level permissions, each with its child permissions, for the checkbox tree
    permission_all = OrderedDict()
    permission = Permission.objects.filter(pid__isnull=True).all()
    for v in permission:
        permission2 = Permission.objects.filter(pid=v.id).all()
        permission_all[v.id] = {
            'id': v.id,
            'name': v.name,
            'path': v.path,
            'children': permission2
        }
    if request.method == 'POST':
        name = request.POST.get('role_name')
        if not name:
            res = {'status': 1, 'info': '未输入角色名称'}
            return HttpResponse(json.dumps(res))
        role_name_obj = Role.objects.filter(name=name)
        if role_name_obj:
            res = {'status': 1, 'info': '角色名称已存在,请重新编辑'}
            return HttpResponse(json.dumps(res))
        # Checked permission ids are stored as a comma-separated string
        check = request.POST.getlist('check[]')
        chk = ','.join(check)
        role_obj = Role.objects.create(name=name, access=chk)
        if role_obj:
            res = {'status': 0, 'info': '添加成功'}
        else:
            res = {'status': 1, 'info': '添加失败'}
        return HttpResponse(json.dumps(res))
    return render(request, 'article/role_add1.html', locals())


# Delete a role
def role_del(request):
    if request.method == 'POST':
        res = {'status': None, 'info': None}
        role_id = request.POST.get('id')
        if not role_id:
            res = {'status': 1, 'info': '未选择要删除的角色'}
            return HttpResponse(json.dumps(res))
        # The list template hides this action for the super-administrator role (id 4); enforce it here too
        if str(role_id) == '4':
            res = {'status': 1, 'info': '不能对超级管理员进行操作'}
            return HttpResponse(json.dumps(res))
        # delete() returns (rows_deleted, per_model_counts); test the count, the tuple itself is always truthy
        deleted, _ = Role.objects.filter(id=role_id).delete()
        if deleted:
            res = {'status': 0, 'info': '删除成功'}
        else:
            res = {'status': 2, 'info': '删除失败,请联系技术人员'}
        return HttpResponse(json.dumps(res))
    return HttpResponse('ok')


# Edit a role
def editor_role(request, id):
    role_obj = Role.objects.filter(id=id).first()
    permission_current1 = Role.objects.filter(id=id).first()
    if permission_current1.access:
        permission_current = permission_current1.access.split(",")
    permission_all = OrderedDict()
    permission = Permission.objects.filter(pid__isnull=True).all()
    for v in permission:
        permission2 = Permission.objects.filter(pid=v.id).all()
        permission_all[v.id] = {
            'id': v.id,
            'name': v.name,
            'path': v.path,
            'children': permission2
        }
    if request.method == 'POST':
        # The list template hides editing for the super-administrator role (id 4); enforce it here too
        if str(id) == '4':
            res = {'status': 1, 'info': '不能对超级管理员进行操作'}
            return HttpResponse(json.dumps(res))
        role_name = request.POST.get('role_name')
        if not role_name:
            res = {'status': 1, 'info': '未输入角色名称'}
            return HttpResponse(json.dumps(res))
        role_name_old_obj = Role.objects.filter(name=role_name)
        if role_name_old_obj and role_name != role_obj.name:
            res = {'status': 1, 'info': '角色名称已存在,请重新编辑'}
            return HttpResponse(json.dumps(res))
        check = request.POST.getlist('check[]')
        chk = ','.join(check)
        # Validate first, then write name and access together so a rejected request changes nothing
        updated = Role.objects.filter(id=id).update(name=role_name, access=chk)
        if updated:
            res = {'status': 0, 'info': '修改成功'}
        else:
            res = {'status': 1, 'info': '修改失败,请联系技术人员'}
        return HttpResponse(json.dumps(res))
    return render(request, 'article/editor_role.html', locals())
# Non-menu permissions
Front-end page
<table class="tablelist">
<form method="post" onsubmit="return false">
{% csrf_token %}
<thead>
<tr>
<th>权限序号</th>
<th>权限名称</th>
<th>操作</th>
</tr>
</thead>
<thead>
{% for v in permission_obj %}
<tr> <th>{{ forloop.counter }}</th>
<th>{{ v.name }}</th> <th>
<a href="javascript:;" data-id="{{ v.id }}" class="tablelink del">删除</a>
<a href="/back/article/editor_permission_it/{{ v.id }}" data-editor="{{ v.id }}" class="tablelink editor">编辑</a> </th> </tr>
{% endfor %}
</thead>
</form>
</table> <form method="post" onsubmit="return false" id="menu_2">
{% csrf_token %}
<table class="tablelist">
<thead>
<tr>
<th colspan="">新增权限</th>
</tr>
<tr>
<th style="border: 1px #9C9C9C solid;"><input type="text" placeholder="输入权限名称" name="permission_name">
</th>
<th style="border: 1px #9C9C9C solid;"><input type="text" placeholder="输入权限路径" name="permission_path">
</th> </tr>
</thead>
</table> <input type="button" value="提交" id="onsubmit2" style="width: 100px; height: 30px;">
</form>
Front-end JS
<script>
{# Delete a non-menu permission #}
$('.del').click(function () {
_this=this
layer.confirm('删除后不可恢复,确定删除吗?',{
btn:['确定','取消']
},function(){
id=$(_this).data('id');
$.post('/back/article/permission_it_del/',{'id':id,'csrfmiddlewaretoken':'{{ csrf_token }}'},function (data) {
if (data['status']==0){
layer.msg(data['info']);
$(_this).parent().parent().remove()
}else{
layer.msg(data['info'])
}
},'json')
},function () { }); });
{# Add a permission #}
$(document).ready(function () {
$('#onsubmit2').click(function () {
$.post('/back/article/permission_list/', $('#menu_2').serialize(), function (data) {
if (data['status'] == 0) {
layer.msg(data['info']);
location.href='/back/article/permission_list/'
} else {
layer.msg(data['info'])
}
}, 'json')
})
});
</script>
Routes
# Non-menu permissions
re_path('article/permission_list/', article.permission_list, name='article/permission_list/'),
# Delete a non-menu permission
re_path('article/permission_it_del/', article.permission_it_del, name='article/permission_it_del/'),
# Edit a non-menu permission (raw string so that \d reaches the regex engine unchanged)
re_path(r'article/editor_permission_it/(\d+)/', article.editor_permission_it, name='article/editor_permission_it/'),
Views
# Non-menu permissions
def permission_list(request):
    permission_obj = Permission.objects.filter(menu_id__isnull=True, pid_id__isnull=True)
    if request.method == 'POST':
        permission_name = request.POST.get('permission_name')
        permission_path = request.POST.get('permission_path')
        if not permission_name:
            res = {'status': 1, 'info': '未输入权限名称'}
            return HttpResponse(json.dumps(res))
        if not permission_path:
            res = {'status': 2, 'info': '未输入权限路径'}
            return HttpResponse(json.dumps(res))
        permission_name_obj = Permission.objects.filter(name=permission_name, menu_id__isnull=True,
                                                        pid_id__isnull=True)
        if permission_name_obj:
            res = {'status': 2, 'info': '权限名称已存在,请重新编辑'}
            return HttpResponse(json.dumps(res))
        permission_new_obj = Permission.objects.create(name=permission_name, path=permission_path)
        if permission_new_obj:
            res = {'status': 0, 'info': '添加成功'}
        else:
            res = {'status': 1, 'info': '添加失败'}
        return HttpResponse(json.dumps(res))
    return render(request, 'article/permisson_list.html', locals())


# Delete a non-menu permission
def permission_it_del(request):
    if request.method == 'POST':
        id = request.POST.get('id')
        # delete() returns (rows_deleted, per_model_counts); test the count, the tuple itself is always truthy
        deleted, _ = Permission.objects.filter(id=id).delete()
        if deleted:
            res = {'status': 0, 'info': '删除成功'}
        else:
            # A non-zero status, so the front end does not treat the failure as success
            res = {'status': 1, 'info': '删除失败'}
        return HttpResponse(json.dumps(res))
    return HttpResponse('ok')


# Edit a non-menu permission
def editor_permission_it(request, id):
    permission_obj = Permission.objects.filter(id=id).first()
    if request.method == 'POST':
        permission_name = request.POST.get('permission_name')
        permission_path = request.POST.get('permission_path')
        if not permission_name:
            res = {'status': 1, 'info': '未输入权限名称'}
            return HttpResponse(json.dumps(res))
        if not permission_path:
            res = {'status': 2, 'info': '未输入权限路径'}
            return HttpResponse(json.dumps(res))
        permission_name_obj = Permission.objects.filter(name=permission_name)
        if permission_name_obj and permission_name != permission_obj.name:
            res = {'status': 1, 'info': '权限名称已存在,请重新编辑'}
            return HttpResponse(json.dumps(res))
        permission_new_obj = Permission.objects.filter(id=id).update(name=permission_name, path=permission_path)
        if permission_new_obj:
            res = {'status': 0, 'info': '修改成功'}
        else:
            res = {'status': 1, 'info': '修改失败,请联系技术人员'}
        return HttpResponse(json.dumps(res))
    return render(request, 'article/editor_permission_it.html', locals())
# Administrator list
Front-end HTML
<div id="tab2" class="tabson"> <table class="tablelist">
<thead>
<tr>
{# <th><input name="" type="checkbox" value="" checked="checked"/></th>#}
<th>管理员序号<i class="sort"><img src="/static/back/images/px.gif"/></i></th>
<th>管理员名称</th>
<th>管理员权限</th>
<th>操作</th>
</tr>
</thead>
<tbody>
{% for v in super_obj %}
<tr>
{# <td><input name="" type="checkbox" value=""/></td>#}
<td>{{ forloop.counter }}</td>
<td>{{ v.super_name }}</td>
<td>{% for v2 in v.role.all %}
{{ v2.name }}
{% endfor %}
</td> {% if v.role.first.id == 4 %}
<td>
<h6>不能对超级管理员进行操作</h6>
</td>
{% else %}
<td>
<a href="javascript:;" data-id="{{ v.super_id }}" class="tablelink del">删除</a>
<a href="/back/article/editor_back/{{ v.super_id }}" data-editor="{{ v.super_id }}" class="tablelink editor">编辑</a>
<a href="/back/article/permission_add1/{{ v.super_id }}"> >>分配权限</a>
</td>
{% endif %} </tr>
{% endfor %} </tbody>
</table>
<div style="float: right;">
<nav aria-label="Page navigation">
<ul class="pagination">
{% if article_obj.has_previous %}
<li class="previous"><a
href="/back/article/super_list/?page={{ article_obj.previous_page_number }}">上一页</a>
</li>
{% else %}
<li class="previous disabled"><a href="#">上一页</a></li>
{% endif %} {% for num in pageRange %}
<li {% if num == currentPage %}class=" active"{% endif %}><a
href="?page={{ num }}">{{ num }}</a></li>
{% endfor %} {% if article_obj.has_next %}
<li class="next"><a
href="/back/article/super_list/?page={{ article_obj.next_page_number }}">下一页</a>
</li>
{% else %}
<li class="next disabled"><a href="#">下一页</a></li>
{% endif %} </ul>
</nav>
</div>
Front-end JS
<script>
{# Delete an administrator #}
$('.del').click(function () {
_this=this
layer.confirm('删除后不可恢复,确定删除吗?',{
btn:['确定','取消']
},function(){
id=$(_this).data('id');
$.post('/back/article/super_delete/',{'id':id,'csrfmiddlewaretoken':'{{ csrf_token }}'},function (data) {
if (data['status']==0){
layer.msg(data['info']);
$(_this).parent().parent().remove()
}else{
layer.msg(data['info'])
}
},'json')
},function () { }); }); </script>
Routes
# Reassign roles (permissions) to an administrator (raw strings so that \d reaches the regex engine unchanged)
re_path(r'article/permission_add1/(\d+)/', article.permission_add1, name='article/permission_add1/'),
# Edit an administrator
re_path(r'article/editor_back/(\d+)/', article.editor_back, name='article/editor_back/'),
# Delete an administrator
re_path('article/super_delete/', article.super_delete, name='article/super_delete/'),
Views
# Delete an administrator
def super_delete(request):
    super_name = request.session.get('super_name')
    res = {'status': None, 'info': None}
    id = request.POST.get('id')
    # delete() returns (rows_deleted, per_model_counts); test the count, the tuple itself is always truthy
    deleted, _ = Superuser.objects.filter(super_id=id).delete()
    if deleted:
        res['status'] = 0
        res['info'] = '删除成功'
    else:
        res['status'] = 1
        res['info'] = '删除失败'
    return HttpResponse(json.dumps(res))


# Edit an administrator
def editor_back(request, id):
    super_name = request.session.get('super_name')
    res = {'status': None, 'info': None}
    super_obj = Superuser.objects.filter(super_id=id).first()
    if request.method == 'POST':
        super_name = Superuser.objects.filter(super_id=id).first().super_name
        new_super_name = request.POST.get('super_name')
        new_super_pwd = request.POST.get('super_pwd')
        if not new_super_name:
            res = {'status': 4, 'info': '未填写帐号'}
            return HttpResponse(json.dumps(res))
        if not new_super_pwd:
            res = {'status': 5, 'info': '未填写密码'}
            return HttpResponse(json.dumps(res))
        old_super_name = Superuser.objects.filter(super_name=new_super_name)
        if old_super_name and new_super_name != super_name:
            res = {'status': 1, 'info': '帐号已存在'}
        else:
            # Store the password hash, never the submitted plain text
            super_obj = Superuser.objects.filter(super_id=id).update(super_name=new_super_name,
                                                                     super_pwd=make_password(new_super_pwd))
            if super_obj:
                res = {'status': 0, 'info': '修改成功'}
            else:
                res = {'status': 2, 'info': '修改失败'}
        return HttpResponse(json.dumps(res))
    return render(request, 'article/editor_back.html', locals())


# Assign roles (permissions) to an administrator
def permission_add1(request, id):
    super_obj = Superuser.objects.filter(super_id=id).first()
    role_obj = Role.objects.all()
    role_obj_new = Superuser.objects.filter(super_id=id).first().role.all().values('id')
    # Ids of the roles currently held, as strings, for the template's "checked" test
    role_list = []
    for i in role_obj_new:
        role_list.append(str(i['id']))
    if request.method == 'POST':
        res = {'status': None, 'info': None}
        check = request.POST.getlist('check[]')
        # Replace the administrator's roles with the submitted ones
        super_obj.role.clear()
        for i in check:
            super_obj.role.add(i)
        res = {'status': 0, 'info': '成功'}
        return HttpResponse(json.dumps(res))
    return render(request, 'article/permission_add1.html', locals())
# Adding an administrator
Front-end HTML
<form method="post" onsubmit="return false">
{% csrf_token %}
<table class="tablelist">
<thead>
<tr>
<th>超级管理员名称<i class="sort"><img src="/static/back/images/px.gif" /></i></th>
<th>密码</th>
<th>设置权限</th>
<th>操作</th>
</tr>
<tr>
<th style="border: 1px #9C9C9C solid;"><input type="text" placeholder="输入管理员名称" name="super_name"></th>
<th style="border: 1px #9C9C9C solid;"><input type="password" placeholder="输入密码" name="super_pwd"></th>
<th style="border: 1px #9C9C9C solid;">{% for v in role_obj %}
{% if v.id == 4 %}
<input type="checkbox" name="check[]" id="{{ v.id }}" value="{{ v.id }}"
{% if v.id|safe in role_list %} checked="checked" {% endif %} onclick="layer.msg('普通用户不可设为超级管理员'); return false">
<label for="{{ v.id }}">{{ v.name }}</label>
{% else %}
<input type="checkbox" name="check[]" id="{{ v.id }}" value="{{ v.id }}"
{% if v.id|safe in role_list %} checked="checked" {% endif %}>
<label for="{{ v.id }}">{{ v.name }}</label>
{# <div>{% for v2 in v.children %}<input type="checkbox" id="{{ v2.id }}" value="{{ v2.id }}" name="check[]" {% if v2.id|safe in permission_current %} checked="true'" {% endif %}><label for="{{ v2.id }}">{{ v2 }}</label> {% endfor %}</div>#}
{% endif %}
{% endfor %}</th>
<th style="border: 1px #9C9C9C solid;"><input type="button" value="提交" id="onsubmit"></th>
</tr>
</thead> </table>
</form>
Front-end JS
<script>
$(document).ready(function () {
$('#onsubmit').click(function () {
$.post('/back/article/super_add/',$('form').serialize(),function (data) {
if (data['status']==0){
layer.msg(data['info']);
location.href='/back/article/super_list/'
} else {
layer.msg(data['info'])
}
},'json')
})
})
</script>
Routes
# Add an administrator
re_path('article/super_add/', article.super_add, name='article/super_add/'),
Views
# Add an administrator
def super_add(request):
    role_obj = Role.objects.all()
    if request.method == 'POST':
        res = {"status": None, 'info': None}
        super_name = request.POST.get('super_name')
        super_back_pwd = request.POST.get('super_pwd')
        if super_name and super_back_pwd:
            super_old_obj = Superuser.objects.filter(super_name=super_name)
            if super_old_obj:
                res['status'] = 3
                res['info'] = '管理员名称已存在'
                return HttpResponse(json.dumps(res))
            check = request.POST.getlist('check[]')
            # The form blocks role 4 (super administrator) only with an onclick handler; reject it here too
            if '4' in check:
                res['status'] = 1
                res['info'] = '普通用户不可设为超级管理员'
                return HttpResponse(json.dumps(res))
            # Store the password hash, never the submitted plain text
            super_pwd = make_password(super_back_pwd)
            super_obj = Superuser.objects.create(super_name=super_name, super_pwd=super_pwd)
            if super_obj:
                super_obj.role.clear()
                for i in check:
                    super_obj.role.add(i)
                res['status'] = 0
                res['info'] = '增加成功'
            else:
                res['status'] = 1
                res['info'] = '添加失败'
            return HttpResponse(json.dumps(res))
        else:
            res['status'] = 2
            res['info'] = '请填写完整信息'
            return HttpResponse(json.dumps(res))
    return render(request, 'article/super_add.html', locals())
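Both super_add and permission_add1 take the check[] list straight from the request and, in permission_add1, clear the existing roles before adding the new ones. The following added example (not code from the original post) validates the submitted ids and computes the change before anything is written. The function names and the rule that only an actor who already holds role 4 may grant or remove it are assumptions for the illustration; the role id 4 is the one the page's templates treat as super administrator.

```python
SUPER_ROLE_ID = 4  # the role id the page's templates treat as super administrator


class RoleAssignmentError(ValueError):
    """Raised when a submitted role list must be rejected as a whole."""


def validate_role_ids(submitted, existing_role_ids, actor_role_ids):
    """Return the sorted, de-duplicated role ids the actor may assign.

    submitted          raw strings from request.POST.getlist('check[]')
    existing_role_ids  ids of all Role rows
    actor_role_ids     role ids held by the logged-in administrator
    """
    cleaned = set()
    for raw in submitted:
        raw = str(raw).strip()
        if not (raw.isascii() and raw.isdigit()):
            raise RoleAssignmentError("role id is not a number: %r" % raw)
        cleaned.add(int(raw))
    unknown = cleaned - set(existing_role_ids)
    if unknown:
        raise RoleAssignmentError("unknown role ids: %s" % sorted(unknown))
    # Assumption: only a super administrator may hand out the super-administrator role.
    if SUPER_ROLE_ID in cleaned and SUPER_ROLE_ID not in actor_role_ids:
        raise RoleAssignmentError("only a super administrator may grant role %d" % SUPER_ROLE_ID)
    return sorted(cleaned)


def plan_role_change(current_role_ids, submitted, existing_role_ids, actor_role_ids):
    """Validate first, then return what to add and remove.

    Nothing is cleared unless the whole request is valid, unlike clear() followed
    by add() in a loop, which can leave the target with no roles after a bad id.
    """
    current = set(current_role_ids)
    # Assumption: a non-super actor may not strip the super role from someone either.
    if SUPER_ROLE_ID in current and SUPER_ROLE_ID not in actor_role_ids:
        raise RoleAssignmentError("only a super administrator may change a super administrator")
    wanted = set(validate_role_ids(submitted, existing_role_ids, actor_role_ids))
    return {"add": sorted(wanted - current), "remove": sorted(current - wanted)}


if __name__ == "__main__":
    all_roles = {1, 2, 3, 4}  # constructed sample data
    print(plan_role_change({1}, ["2", "3"], all_roles, actor_role_ids={2}))
    try:
        plan_role_change({1}, ["4"], all_roles, actor_role_ids={2})
    except RoleAssignmentError as exc:
        print("rejected:", exc)
```

In a view, the returned plan would be applied with super_obj.role.add(*plan["add"]) and super_obj.role.remove(*plan["remove"]) inside one transaction.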
What the pages look like
The result of logging in after assigning permissions to one of the administrators
Done.