django RBAC类

#  -*- coding: utf-8 -*-
'''
@author: Swain
@contact: 624420781@qq.com
@file: middlewares.py
@time: 2019/04/01 下午 15:10
'''
from django.db.models import F
from django.conf import settings
import re
from common.public_method import return_result
from django.shortcuts import redirect
from django.contrib.auth import authenticate
from api.models import User,Menu,Permission

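class RbacMiddleware(object):
    """
    Check whether the requested URL lies within the user's permission scope.

    Only paths under ``/api/`` are subject to the check; every other path is
    let through untouched. For a checked request the matching ``User`` row is
    attached to the request as ``request.userobj`` so downstream views can
    reuse it without a second lookup.

    ``process_view`` returns ``None`` to let the request continue, otherwise
    the ``return_result`` response built with ``status=False``.
    """

    def process_view(self, request, view, args, kwargs):
        request_url = request.path_info
        # Paths outside the API are not governed by RBAC: pass them through.
        if not re.match('^/api/', request_url):
            return None

        # NOTE(review): ``request.user`` is used directly as the ``username``
        # filter value. Under Django's stock auth middleware that is a user
        # object (or AnonymousUser), not a string — confirm an upstream
        # middleware stores a plain username here; otherwise filter on
        # ``request.user.username`` and reject unauthenticated requests first.
        username = request.user
        user = User.objects.filter(username=username).first()
        if not user:
            # NOTE(review): denials are reported with code 500; 403 would
            # describe the outcome more accurately. Confirm what API clients
            # expect before changing it (same for the two denials below).
            return return_result(status=False, code=500, message="该用户没有权限访问!")
        request.userobj = user

        # A superuser bypasses the permission check entirely.
        if user.surperman:
            return None

        # Whitelisted paths are open to any known user. They are checked
        # before the permission rows are loaded so that a user who has no
        # role/permission rows yet is not denied a path that is meant to be
        # reachable for everyone.
        if request_url in settings.SAFE_URL:
            return None

        # Every URL reachable through one of the user's roles. A role with no
        # permissions contributes ``None`` here, which never equals a path.
        permission_rows = user.roles.values('permissions__url').distinct()
        permissions = {row['permissions__url'] for row in permission_rows}

        if not permissions:
            return return_result(status=False, code=500, message="没有获取到用户权限信息!")

        # Authorization is an exact path match: no prefix or pattern matching,
        # so a trailing-slash variant of a permitted URL is still denied.
        if request_url in permissions:
            return None
        return return_result(status=False, code=500, message="没有权限访问")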

作者:陈耿聪 —— 夕狱

出处:https://www.cnblogs.com/CGCong/

本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利。

原文地址:https://www.cnblogs.com/CGCong/p/11671985.html