之前转载了一篇关于 RBAC(基于角色的权限控制)的文章,有小伙伴希望能有一个代码示例,这里就给出一个基于 SQLAlchemy 的简单实现。注意:脚本运行时会先删除再重建这些表,请只在测试数据库中执行。代码如下:
#-*- coding:utf-8 -*-
import os

from sqlalchemy import *
from sqlalchemy import MetaData
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker
# Schema registry shared by every Table declared below, so that
# drop_all()/create_all() can manage the whole RBAC schema at once.
metadata = MetaData()

# Declarative base for the ORM classes; each class attaches to one of the
# Tables through ``__table__``.
Base = declarative_base()

# Session factory without a bind; get_db_session() supplies the bind per call.
Session = sessionmaker()
# Permission categories (the seed data below uses a single 'MENU' category).
perm_type = Table(
    'perm_type',
    metadata,
    Column('code', String(64), primary_key=True, doc='代码'),
    Column('name', String(128), nullable=False, doc='名称'),
    Column('description', String(128), doc='描述'),
    info={'doc': '权限类型表'},
)

# Individual permissions. ``up_code`` is a self-referencing foreign key that
# points at the parent permission, so permissions form a tree.
perm = Table(
    'perm',
    metadata,
    Column('code', String(64), primary_key=True, doc='代码'),
    Column(
        'perm_type_code',
        String(64),
        ForeignKey('perm_type.code'),
        nullable=False,
        doc='权限类型',
    ),
    Column('up_code', String(64), ForeignKey('perm.code'), doc='上级权限代码'),
    Column('name', String(128), nullable=False, doc='名称'),
    info={'doc': '权限表'},
)

# Roles, keyed by a short code such as 'admin' or 'user'.
role = Table(
    'role',
    metadata,
    Column('code', String(64), primary_key=True, doc='代码'),
    Column('name', String(128), nullable=False, doc='名称'),
    info={'doc': '角色表'},
)

# Users. ``name`` carries no unique constraint, so the surrogate ``id`` is the
# only reliable way to identify a user.
user = Table(
    'user',
    metadata,
    Column(
        'id',
        BigInteger,
        Sequence('user_seq'),
        primary_key=True,
        doc='自增主键',
    ),
    Column('name', String(128), nullable=False, doc='名称'),
    info={'doc': '用户表'},
)
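# User-to-role assignments: one user may hold several roles.
#
# Both foreign keys are declared NOT NULL. An assignment row without a user or
# a role is meaningless, and a nullable column would let such rows slip past
# the (user_id, role_code) unique constraint, because unique indexes treat
# NULLs as distinct values.
user_role_rel = Table(
    'user_role_rel',
    metadata,
    Column(
        'id',
        BigInteger,
        Sequence('user_role_rel_seq'),
        primary_key=True,
        doc='自增主键',
    ),
    Column(
        'user_id',
        BigInteger,
        ForeignKey('user.id'),
        nullable=False,
        doc='用户ID',
    ),
    Column(
        'role_code',
        String(64),
        ForeignKey('role.code'),
        nullable=False,
        doc='角色代码',
    ),
    UniqueConstraint('user_id', 'role_code', name='unique_idx1'),
    info={'doc': '用户角色关系表'},
)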
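# Role-to-permission grants: one role may carry several permissions.
#
# Both foreign keys are declared NOT NULL so that every grant names a concrete
# role and a concrete permission; nullable columns would also let incomplete
# rows bypass the (role_code, perm_code) unique constraint, since unique
# indexes treat NULLs as distinct values.
role_perm_rel = Table(
    'role_perm_rel',
    metadata,
    Column(
        'id',
        BigInteger,
        Sequence('role_perm_rel_seq'),
        primary_key=True,
        doc='自增主键',
    ),
    Column(
        'role_code',
        String(64),
        ForeignKey('role.code'),
        nullable=False,
        doc='角色代码',
    ),
    Column(
        'perm_code',
        String(64),
        ForeignKey('perm.code'),
        nullable=False,
        doc='权限代码',
    ),
    UniqueConstraint('role_code', 'perm_code', name='unique_idx2'),
    # The original label was copied from user_role_rel ("user-role relation
    # table"); this table holds role-permission relations.
    info={'doc': '角色权限关系表'},
)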
class PermType(Base):
    """ORM class mapped onto the ``perm_type`` table (permission categories)."""

    __table__ = perm_type
class Perm(Base):
    """ORM class mapped onto the ``perm`` table (individual permissions)."""

    __table__ = perm
class Role(Base):
    """ORM class mapped onto the ``role`` table."""

    __table__ = role
class User(Base):
    """ORM class mapped onto the ``user`` table."""

    __table__ = user
class UserRoleRel(Base):
    """ORM class mapped onto ``user_role_rel`` (user-to-role assignments)."""

    __table__ = user_role_rel
class RolePermRel(Base):
    """ORM class mapped onto ``role_perm_rel`` (role-to-permission grants)."""

    __table__ = role_perm_rel
def get_db_session(url):
    """Return a Session bound to a freshly opened connection for *url*.

    A new engine and connection are created on every call and neither is
    closed here, so the caller owns their lifetime. The URL normally embeds
    the database credentials, so it should come from configuration rather
    than being written into source files.
    """
    engine = create_engine(url)
    connection = engine.connect()
    return Session(bind=connection)
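# The connection URL is read from the environment so that real credentials
# stay out of the source. The fallback is the original local-demo value
# (root/root on localhost); it is only suitable for a throwaway database, and
# a dedicated least-privileged account is preferable to root.
session = get_db_session(
    os.environ.get(
        'RBAC_DEMO_DB_URL',
        'mysql+pymysql://root:root@localhost/t2?charset=utf8',
    )
)

# Reset the schema. drop_all() deletes every table registered on `metadata`
# together with its data; create_all() then rebuilds the tables empty.
metadata.drop_all(bind=session.bind)
metadata.create_all(bind=session.bind)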
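# Seed data: one permission category, a two-level menu tree and two roles.
session.add_all([
    PermType(code='MENU', name='菜单权限'),
    Perm(code='user_manage', perm_type_code='MENU', up_code=None,
         name='用户管理菜单'),
    Perm(code='user_add', perm_type_code='MENU', up_code='user_manage',
         name='用户新增菜单'),
    Perm(code='user_center_manage', perm_type_code='MENU', up_code=None,
         name='用户中心菜单'),
    Perm(code='user_center_edit', perm_type_code='MENU',
         up_code='user_center_manage', name='用户中心信息修改'),
    Role(code='admin', name='管理员'),
    Role(code='user', name='用户'),
])
# Flush so the permissions and roles exist before grants reference them.
session.flush()

# Keep the User objects instead of looking them up again by name: `name` is
# not unique, so a name lookup could match a different account. After the
# flush each object carries its generated primary key.
u1 = User(name='用户甲')
u2 = User(name='管理甲')

session.add_all([
    # The admin role is granted the user-management and user-centre menus.
    RolePermRel(role_code='admin', perm_code='user_manage'),
    RolePermRel(role_code='admin', perm_code='user_add'),
    RolePermRel(role_code='admin', perm_code='user_center_manage'),
    RolePermRel(role_code='admin', perm_code='user_center_edit'),
    # The user role is granted the user-centre menus only.
    RolePermRel(role_code='user', perm_code='user_center_manage'),
    RolePermRel(role_code='user', perm_code='user_center_edit'),
    u1,
    u2,
])
# Flush so that u1.id and u2.id are populated.
session.flush()

# Assign roles to the users by primary key.
session.add_all([
    UserRoleRel(user_id=u1.id, role_code='user'),
    UserRoleRel(user_id=u2.id, role_code='admin'),
])
# commit() flushes pending changes itself, so no extra flush() is needed.
session.commit()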
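def _perm_codes_for_user(db, user_id):
    """Return the sorted, de-duplicated permission codes held by *user_id*.

    The user's role assignments are joined to the role-permission grants in a
    single query. Only explicit grants are resolved: the ``up_code`` parent
    link on ``perm`` is not consulted, so holding a parent permission does
    not imply its children.
    """
    rows = (
        db.query(Perm.code)
        .join(RolePermRel, RolePermRel.perm_code == Perm.code)
        .join(UserRoleRel, UserRoleRel.role_code == RolePermRel.role_code)
        .filter(UserRoleRel.user_id == user_id)
        .distinct()
        .order_by(Perm.code)
        .all()
    )
    return [row[0] for row in rows]


# The original collected codes with map(list.append, ...), which relies on
# Python 2's eager map() and would leave the lists empty under Python 3. Its
# loop variable `perm` also rebound the module-level `perm` Table. Both are
# avoided by building the lists directly from one query per user.
u1_perm_codes = _perm_codes_for_user(session, u1.id)
u2_perm_codes = _perm_codes_for_user(session, u2.id)

print "用户权限", u1_perm_codes
print "管理员权限", u2_perm_codes

# With the effective permission codes resolved, each protected action can be
# checked against them. Do the check on the server side and deny anything
# that is not explicitly listed.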