1 from django.utils.deprecation import MiddlewareMixin 2 from django.shortcuts import redirect, HttpResponse 3 import re 4 class RbacMiddleware(MiddlewareMixin): 5 6 def process_request(self, request): 7 8 # 获取访问的url 9 current_url = request.path_info 10 11 # 白名单 12 valid_url = ['^/login/$', '^/admin/.*'] 13 for item in valid_url: 14 if re.match(item, current_url): 15 return 16 17 # 是否登入 18 permission_list = request.session.get('permission_list') 19 if not permission_list: 20 return redirect('/login/') 21 22 # 是否有权限访问 23 flag = False 24 for item in permission_list: 25 reg = '^%s$' % item.get('permission__url') 26 if re.match(reg, current_url): 27 flag = True 28 break 29 if not flag: 30 return HttpResponse('无权访问')