WEB后台角色权限控制

AdminController/MenuController.py

@@ -56,7 +56,8 @@ class MenuView(View):
                 return response.json(404)
 
     def getList(self, userID, request_dict, response):
-        menu_qs = MenuModel.objects.filter(parentId=0);
+        role_qs = Role.objects.filter(device_user=userID)
+        menu_qs = MenuModel.objects.filter(parentId=0, role__in=role_qs);
         list = []
         i = 0
         for menu in menu_qs:
@@ -84,7 +85,7 @@ class MenuView(View):
                     }
                 }
             )
-        menu_qs = MenuModel.objects.all()
+        menu_qs = MenuModel.objects.filter(role__in=role_qs)
         menulist = self.menulist(menu_qs, list)
 
         return response.json(0, {'list': menulist})

AdminController/UserLoginController.py

@@ -155,15 +155,27 @@ class GetPermissions(TemplateView):
         if tko.code != 0:
             return response.json(tko.code)
         userID = tko.userID
+
+
+        user_qs = Device_User.objects.filter(userID=userID)
+        if not user_qs.exists():
+            return response.json(104)
         #待补充逻辑
+        username = user_qs[0].username
+        userIconPath = user_qs[0].userIconPath.url
+        if userIconPath:
+            if userIconPath.find('static/') != -1:
+                userIconPath = userIconPath.replace('static/', '').replace('\\', '/')
+                userIconUrl = SERVER_DOMAIN + 'account/getAvatar/' + userIconPath
+
         res={
           "code": 200,
           "msg": "success",
           "data": {
             "roles": ["admin"], # 一个用户可包含多个角色如["admin","editor","XXXX"]，必须返回，如小项目用不到角色权限请返回 ["admin"]
             "ability": ["READ", "WRITE", "DELETE"], # 如果用不到rabc精细化权限可以不返回，建议返回
-            "username": "admin", # 用户名，必须返回
-            "avatar": "https://i.gtimg.cn/club/item/face/img/8/15918_100.gif" # 头像，必须返回
+            "username": username, # 用户名，必须返回
+            "avatar": userIconUrl# 头像，必须返回
           }
         }
         return response.json(0, res)
@@ -190,8 +202,9 @@ class GetList(TemplateView):
         if tko.code != 0:
             return response.json(tko.code)
         userID = tko.userID
-        #待补充逻辑
-        menu_qs = MenuModel.objects.filter(parentId=0);
+
+        role_qs =Role.objects.filter(device_user=userID)
+        menu_qs = MenuModel.objects.filter(parentId=0,role__in=role_qs);
         list = []
         i = 0
         for menu in menu_qs:
@@ -219,7 +232,7 @@ class GetList(TemplateView):
                     }
                 }
             )
-        menu_qs = MenuModel.objects.all()
+        menu_qs = MenuModel.objects.filter(role__in=role_qs)
         menulist = self.menulist(menu_qs, list)
 
         return response.json(0, {'list':menulist})

Model/models.py

@@ -78,12 +78,39 @@ class Permissions(models.Model):
     def natural_key(self):
         return (self.permName)
 
+class MenuModel(models.Model):
+    id = models.AutoField(primary_key=True, verbose_name=u'自增标记ID')
+    parentId = models.IntegerField(default=0, verbose_name='父节点ID')
+    name = models.CharField(max_length=50, unique=True, default='', verbose_name='名称')   #首字母大写，一定要与vue文件的name对应起来，用于noKeepAlive缓存控制（该项特别重要）
+    path = models.CharField(max_length=100, default='',verbose_name='路径')
+    component = models.CharField(max_length=100, default='', verbose_name='vue文件路径') #所谓的vue 组件
+    hidden = models.BooleanField(blank=True, default=False, verbose_name=u'是否隐藏')
+    levelHidden = models.BooleanField(blank=True, default=False, verbose_name=u'是否隐藏一级路由')
+    title = models.CharField(max_length=50, default='',verbose_name='标题')
+    icon = models.CharField(max_length=50, default='',verbose_name='图标名')
+    isCustomSvg = models.BooleanField(blank=True, default=False, verbose_name=u'是否是自定义svg图标')
+    noKeepAlive = models.BooleanField(blank=True, default=False, verbose_name=u'当前路由是否不缓存')
+    noClosable = models.BooleanField(blank=True, default=False, verbose_name=u'当前路由是否可关闭多标签页')
+    badge = models.CharField(max_length=10, default='', verbose_name='badge小标签（只支持子级）')
+    tabHidden = models.BooleanField(blank=True, default=False, verbose_name=u'当前路由是否不显示多标签页')
+    activeMenu = models.CharField(max_length=50, default='', verbose_name='高亮指定菜单')
+    dot = models.BooleanField(blank=True, default=False, verbose_name=u'小圆点')
+    dynamicNewTab = models.BooleanField(blank=True, default=False, verbose_name=u'动态传参路由是否新开标签页')
+    redirect = models.CharField(max_length=50, default='', verbose_name='重定向')
+    sort = models.IntegerField(default=0, verbose_name='排序')
+
+    class Meta:
+        db_table = 'menu'
+        verbose_name = u'菜单表'
+        verbose_name_plural = verbose_name
 
 class Role(models.Model):
     rid = models.SmallIntegerField(primary_key=True, unique=True, verbose_name=u'用户角色组ID')
     roleName = models.CharField(max_length=32, unique=True,
                                 default='User', verbose_name=u'角色名称')
     permission = models.ManyToManyField(to='Permissions', blank=True, verbose_name=u'权限', db_table='role_permissions')
+    menu = models.ManyToManyField(to='MenuModel', blank=True, verbose_name=u'后台菜单权限', db_table='role_menu')
+
     Description = models.TextField(blank=True, default='', verbose_name=u'描述信息')
 
     objects = RoleManager()
@@ -1710,28 +1737,3 @@ class P2PIpModel(models.Model):
         verbose_name_plural = verbose_name
 
 
-class MenuModel(models.Model):
-    id = models.AutoField(primary_key=True, verbose_name=u'自增标记ID')
-    parentId = models.IntegerField(default=0, verbose_name='父节点ID')
-    name = models.CharField(max_length=50, default='', verbose_name='名称')   #首字母大写，一定要与vue文件的name对应起来，用于noKeepAlive缓存控制（该项特别重要）
-    path = models.CharField(max_length=100, default='',verbose_name='路径')
-    component = models.CharField(max_length=100, default='', verbose_name='vue文件路径') #所谓的vue 组件
-    hidden = models.BooleanField(blank=True, default=False, verbose_name=u'是否隐藏')
-    levelHidden = models.BooleanField(blank=True, default=False, verbose_name=u'是否隐藏一级路由')
-    title = models.CharField(max_length=50, default='',verbose_name='标题')
-    icon = models.CharField(max_length=50, default='',verbose_name='图标名')
-    isCustomSvg = models.BooleanField(blank=True, default=False, verbose_name=u'是否是自定义svg图标')
-    noKeepAlive = models.BooleanField(blank=True, default=False, verbose_name=u'当前路由是否不缓存')
-    noClosable = models.BooleanField(blank=True, default=False, verbose_name=u'当前路由是否可关闭多标签页')
-    badge = models.CharField(max_length=10, default='', verbose_name='badge小标签（只支持子级）')
-    tabHidden = models.BooleanField(blank=True, default=False, verbose_name=u'当前路由是否不显示多标签页')
-    activeMenu = models.CharField(max_length=50, default='', verbose_name='高亮指定菜单')
-    dot = models.BooleanField(blank=True, default=False, verbose_name=u'小圆点')
-    dynamicNewTab = models.BooleanField(blank=True, default=False, verbose_name=u'动态传参路由是否新开标签页')
-    redirect = models.CharField(max_length=50, default='', verbose_name='重定向')
-    sort = models.IntegerField(default=0, verbose_name='排序')
-
-    class Meta:
-        db_table = 'menu'
-        verbose_name = u'菜单表'
-        verbose_name_plural = verbose_name