易理解的按钮控制:
customer.html
{% extends 'layout.html' %}
{% load static %}
{% load permission %}
{% block content %}
<div style="margin-bottom: 5px" class="clearfix">
{% add_permission request "customer_add" %}
<div class="right">
<form class="form-inline" method="get">
<div class="form-group">
<input name="keyword" type="text" class="form-control" placeholder="请输入关键字" value="{{ keyword }}">
</div>
<button type="submit" class="btn btn-default">
<span class="glyphicon glyphicon-search"></span>
</button>
</form>
</div>
</div>
<table class="table table-bordered">
<thead>
<tr>
<th>ID</th>
<th>用户名</th>
<th>手机号</th>
<th>账户余额</th>
<th>级别</th>
<th>注册时间</th>
<th>重置密码</th>
{# 控制操作标签是否显示在页面上 #}
{% if request|has_permission:"customer_edit,customer_delete" %}
<th>操作</th>
{% endif %}
</tr>
</thead>
<tbody>
{% for row in queryset %}
<tr row-id="{{ row.id }}">
<td>{{ row.id }}</td>
<td>{{ row.username }}</td>
<td>{{ row.mobile }}</td>
<td>{{ row.balance }}</td>
<td>{{ row.level.title }} ({{ row.level.percent }}%)</td>
<td>{{ row.create_date|date:"Y-m-d H:i:s" }}</td>
<td>
<a href="{% url 'customer_reset' pk=row.id %}">重置密码</a>
</td>
{# 控制操作标签是否显示在页面上 #}
{% if request|has_permission:"customer_edit,customer_delete" %}
<td>
{# 函数 参数1 参数2 参数3 #}
{% edit_permission request "customer_edit" pk=row.id %}
{% delete_permission request "customer_delete" pk=row.id %}
</td>
{% endif %}
</tr>
{% endfor %}
</tbody>
</table>
<ul class="pagination">
{{ pager_string }}
</ul>
{% include 'include/delete_modal.html' %}
{% endblock %}
{% block js %}
<script src="{% static 'js/delete_modal.js' %}"></script>
<script>
var DELETE_ID;
var DELETE_URL = "{% url 'customer_delete' %}";
</script>
{% endblock %}
simple_tag() # 可传入多个值,返回值不固定,想返回什么就返回什么
filter() # 固定只能传入2个参数,使用方式也不同
permission.py
from django.template import Library
from django.urls import reverse
from django.conf import settings
from django.utils.safestring import mark_safe
register = Library()
def check_permission(request, name):
# 1.获取当前登录用户的角色
role = request.nb_user.role
# 2.根据角色获取他所有的权限字典
permission_dict = settings.NB_PERMISSION[role]
if name in permission_dict:
return True
if name in settings.NB_PERMISSION_PUBLIC:
return True
@register.simple_tag()
def add_permission(request, name, *args, **kwargs):
# 3.判断是否具有权限
# 4.无权限,返回空
if not check_permission(request, name):
return ""
# 5.有权限,通过"name"反向生成url
url = reverse(name, args=args, kwargs=kwargs)
tpl = """
<a href="{}" class="btn btn-success"><span class="glyphicon glyphicon-plus-sign"></span>
新建</a>
""".format(url)
return mark_safe(tpl)
@register.simple_tag()
def edit_permission(request, name, *args, **kwargs):
# 3.判断是否具有权限
# 4.无权限,返回空
if not check_permission(request, name):
return ""
# 5.有权限,通过"name"反向生成url
url = reverse(name, args=args, kwargs=kwargs)
tpl = """
<a href="{}" class="btn btn-primary btn-xs">编辑</a>
""".format(url)
return mark_safe(tpl)
@register.simple_tag()
def delete_permission(request, name, *args, **kwargs):
# 3.判断是否具有权限
# 4.无权限,返回空
if not check_permission(request, name):
return ""
# 5.有权限,通过"name"反向生成url
pk = kwargs.get('pk')
tpl = """
<a cid="{}" class="btn btn-danger btn-xs btn-delete">删除</a>
""".format(pk)
return mark_safe(tpl)
@register.filter()
def has_permission(request, others):
name_list = others.split(',')
for name in name_list:
status = check_permission(request, name)
if status:
return True
return False