- 简单示意流程图
- RBAC分析:
- 基于角色的权限管理;
- 权限等于用户可以访问的URL;
- 通过限制用户可访问的URL来限制权限(校验必须在服务端对每个请求执行,仅在页面上隐藏菜单并不能限制访问);
- RBAC表结构组成:
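from django.db import models


class Menu(models.Model):
    """Menu table: a navigation entry that permissions can be attached to."""

    # Indexed because the title is declared with db_index=True.
    title = models.CharField(verbose_name='菜单名称', max_length=32, db_index=True)
    icon = models.CharField(verbose_name='图标', max_length=32)

    def __str__(self):
        return self.title

    class Meta:
        # db_table = 'menu'
        verbose_name = '菜单'
        verbose_name_plural = '菜单'


class Jurisdiction(models.Model):
    """Permission table: one row per URL that access can be granted to."""

    # NOTE(review): presumably compared with the request path by a permission
    # check that is not shown here. If the value is used as a regex, anchor it
    # at both ends so that a prefix match does not also allow longer paths.
    # Confirm against the code that does the matching.
    url = models.CharField(max_length=32)
    title = models.CharField(verbose_name='权限名称', max_length=32)
    # Alias for reverse URL resolution; unique so that it identifies one row.
    name = models.CharField(verbose_name='反向解析别名', max_length=32, unique=True)
    # Optional link to a menu. on_delete is mandatory from Django 2.0 onwards;
    # CASCADE is what older versions applied implicitly, so behaviour is kept.
    # Deleting a Menu therefore deletes its permission rows as well; use
    # models.SET_NULL instead if permissions should outlive their menu.
    menu = models.ForeignKey(to='Menu', null=True, blank=True, on_delete=models.CASCADE)

    def __str__(self):
        return self.title

    class Meta:
        verbose_name = '权限'
        verbose_name_plural = '权限'


class Role(models.Model):
    """Role table: a named set of permissions."""

    name = models.CharField(verbose_name='角色名称', max_length=32)
    permissions = models.ManyToManyField(to='Jurisdiction')

    def __str__(self):
        return self.name

    class Meta:
        verbose_name = '角色'
        verbose_name_plural = '角色'


class User(models.Model):
    """User table: an account that receives its permissions through roles."""

    name = models.CharField(verbose_name='用户名称', max_length=32)
    # NOTE(review): this column must hold a password hash, never the plaintext.
    # 64 characters is too short for the strings produced by Django's
    # make_password() (django.contrib.auth declares its password field with
    # max_length=128). Confirm how the value is written before relying on it.
    password = models.CharField(verbose_name='密码', max_length=64)
    roles = models.ManyToManyField(to="Role")

    def __str__(self):
        return self.name

    class Meta:
        verbose_name = '用户'
        verbose_name_plural = '用户'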