Simplebbs,仿照V2ex实现完整论坛功能.
- 使用Django 1.5
- 数据存储使用Mongodb, ORM使用mongoengine
- 重写Django Class View,适用于mongoengine快速开发
- 简单并有良好拓展性的ACL配置式的权限管理
- 前端使用Bootstrap, JQuery
Class Views(src/utils/views.py)
- MongoCreateView
- MongoUpdateView
- MongoDeleteView
- MongoDetailView
- MongoListView
为需要权限管理的任何类设置一个 __acl__ 属性,如:
from utils.security import ( Allow, Deny, EveryOne, Owner, Authenticated, ) class MyDocumnet(object): __acl__ = [ (Allow, EveryOne, 'view'), (Allow, Authenticated, 'add'), (Allow, Owner, 'change'), (Allow, 'group:admin', 'delete'), ]
新增一个Django Middleware: users.middlewares.PermissionMiddleware
MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', # Uncomment the next line for simple clickjacking protection: # 'django.middleware.clickjacking.XFrameOptionsMiddleware', **'users.middlewares.PermissionMiddleware',** )
为视图函数增加一个装饰器,即可实现权限管理
from utils.security import permission_view post_list = permission_view(PostListView.as_view(), permission='view', model=Post)
Model Permission Mixin(PermissionMixin)
使用Model类继承PermissionMixin
class Post(PermissionMixin, Document): pass
model实例权限判断:
post.has_perm(permission, user_groups, username)