![\"Python\u7528\u6237\u6743\u9650\u63a7\u5236\u5982\u4f55\u5b9e\u73b0\"](\"https:\/\/cdn-kb.worktile.com\/kb\/wp-content\/uploads\/2024\/04\/25111841\/439fb91e-843f-4a1e-8232-3d324bc8259c.webp\")
<\/p>\n<\/p>\n
Python\u7528\u6237\u6743\u9650\u63a7\u5236\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf\u3001\u57fa\u4e8e\u88c5\u9970\u5668\u7684\u65b9\u6cd5\u3001\u57fa\u4e8e\u7c7b\u7684\u65b9\u6cd5\u6765\u5b9e\u73b0<\/strong>\u3002\u5176\u4e2d\uff0c\u4f7f\u7528\u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf<\/strong>\u662f\u6700\u5e38\u89c1\u4e14\u7075\u6d3b\u7684\u65b9\u6cd5\u3002\u901a\u8fc7\u9884\u5b9a\u4e49\u4e0d\u540c\u7684\u89d2\u8272\uff08\u5982\u7ba1\u7406\u5458\u3001\u7f16\u8f91\u8005\u3001\u666e\u901a\u7528\u6237\u7b49\uff09\uff0c\u5e76\u4e3a\u6bcf\u4e2a\u89d2\u8272\u5206\u914d\u4e0d\u540c\u7684\u6743\u9650\uff0c\u53ef\u4ee5\u5f88\u65b9\u4fbf\u5730\u7ba1\u7406\u7528\u6237\u7684\u6743\u9650\u3002\u4e0b\u9762\u5c06\u8be6\u7ec6\u4ecb\u7ecd\u5982\u4f55\u901a\u8fc7\u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf\u6765\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\u3002<\/p>\n<\/p>\n \u4e00\u3001\u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf<\/p>\n<\/p>\n \u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf\u662f\u4e00\u79cd\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff08RBAC\uff0cRole-Based Access Control\uff09\u65b9\u6cd5\u3002\u901a\u8fc7\u9884\u5b9a\u4e49\u4e0d\u540c\u7684\u89d2\u8272\uff0c\u5e76\u4e3a\u6bcf\u4e2a\u89d2\u8272\u5206\u914d\u4e0d\u540c\u7684\u6743\u9650\uff0c\u53ef\u4ee5\u7075\u6d3b\u5730\u7ba1\u7406\u7528\u6237\u7684\u6743\u9650\u3002\u6bcf\u4e2a\u7528\u6237\u53ef\u4ee5\u88ab\u5206\u914d\u4e00\u4e2a\u6216\u591a\u4e2a\u89d2\u8272\uff0c\u7cfb\u7edf\u6839\u636e\u7528\u6237\u6240\u62e5\u6709\u7684\u89d2\u8272\u6765\u51b3\u5b9a\u5176\u8bbf\u95ee\u6743\u9650\u3002<\/p>\n<\/p>\n \u9996\u5148\uff0c\u6211\u4eec\u9700\u8981\u5b9a\u4e49\u7cfb\u7edf\u4e2d\u7684\u89d2\u8272\u548c\u6743\u9650\u3002\u53ef\u4ee5\u4f7f\u7528\u5b57\u5178\u6765\u5b58\u50a8\u89d2\u8272\u548c\u6743\u9650\u7684\u6620\u5c04\u5173\u7cfb\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n 'admin': ['create_user', 'delete_user', 'view_user', 'edit_user'],<\/p>\n 'editor': ['view_user', 'edit_user'],<\/p>\n 'viewer': ['view_user']<\/p>\n }<\/p>\n <\/code><\/pre>\n<\/p>\n \u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d\uff0c \u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u9700\u8981\u4e3a\u7528\u6237\u5206\u914d\u89d2\u8272\u3002\u53ef\u4ee5\u4f7f\u7528\u5b57\u5178\u6765\u5b58\u50a8\u7528\u6237\u548c\u89d2\u8272\u7684\u6620\u5c04\u5173\u7cfb\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n 'alice': ['admin'],<\/p>\n 'bob': ['editor'],<\/p>\n 'charlie': ['viewer']<\/p>\n }<\/p>\n <\/code><\/pre>\n<\/p>\n \u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d\uff0c \u4e3a\u4e86\u68c0\u67e5\u7528\u6237\u662f\u5426\u62e5\u6709\u67d0\u4e2a\u6743\u9650\uff0c\u6211\u4eec\u53ef\u4ee5\u7f16\u5199\u4e00\u4e2a\u51fd\u6570\u6765\u5b9e\u73b0\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n user_role = user_roles.get(user, [])<\/p>\n for role in user_role:<\/p>\n if permission in roles_permissions.get(role, []):<\/p>\n return True<\/p>\n return False<\/p>\n <\/code><\/pre>\n<\/p>\n \u8fd9\u4e2a\u51fd\u6570\u63a5\u6536\u4e00\u4e2a\u7528\u6237\u548c\u4e00\u4e2a\u6743\u9650\u4f5c\u4e3a\u53c2\u6570\uff0c\u68c0\u67e5\u7528\u6237\u662f\u5426\u62e5\u6709\u8be5\u6743\u9650\u3002\u5982\u679c\u7528\u6237\u62e5\u6709\u8be5\u6743\u9650\uff0c\u5219\u8fd4\u56de \u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u5e94\u7528\uff0c\u5c55\u793a\u4e86\u5982\u4f55\u4f7f\u7528\u4e0a\u8ff0\u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf\u6765\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\uff1a<\/p>\n<\/p>\n if has_permission(user, 'create_user'):<\/p>\n print(f"{user} is creating a new user.")<\/p>\n else:<\/p>\n print(f"{user} does not have permission to create a new user.")<\/p>\n def delete_user(user):<\/p>\n if has_permission(user, 'delete_user'):<\/p>\n print(f"{user} is deleting a user.")<\/p>\n else:<\/p>\n print(f"{user} does not have permission to delete a user.")<\/p>\n def view_user(user):<\/p>\n if has_permission(user, 'view_user'):<\/p>\n print(f"{user} is viewing a user.")<\/p>\n else:<\/p>\n print(f"{user} does not have permission to view a user.")<\/p>\n def edit_user(user):<\/p>\n if has_permission(user, 'edit_user'):<\/p>\n print(f"{user} is editing a user.")<\/p>\n else:<\/p>\n print(f"{user} does not have permission to edit a user.")<\/p>\n create_user('alice') # alice is creating a new user.<\/p>\n delete_user('bob') # bob does not have permission to delete a user.<\/p>\n view_user('charlie') # charlie is viewing a user.<\/p>\n edit_user('alice') # alice is editing a user.<\/p>\n <\/code><\/pre>\n<\/p>\n \u8fd9\u4e2a\u793a\u4f8b\u5e94\u7528\u5c55\u793a\u4e86\u5982\u4f55\u4f7f\u7528\u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf\u6765\u63a7\u5236\u7528\u6237\u5bf9\u4e0d\u540c\u64cd\u4f5c\u7684\u8bbf\u95ee\u6743\u9650\u3002<\/p>\n<\/p>\n \u4e8c\u3001\u57fa\u4e8e\u88c5\u9970\u5668\u7684\u65b9\u6cd5<\/p>\n<\/p>\n \u88c5\u9970\u5668\u662f\u4e00\u79cd\u53ef\u4ee5\u5728\u8fd0\u884c\u65f6\u4fee\u6539\u51fd\u6570\u884c\u4e3a\u7684\u51fd\u6570\uff0c\u5b83\u4eec\u901a\u5e38\u7528\u4e8e\u5728\u51fd\u6570\u6267\u884c\u524d\u540e\u6dfb\u52a0\u4e00\u4e9b\u989d\u5916\u7684\u903b\u8f91\u3002\u88c5\u9970\u5668\u5728\u6743\u9650\u63a7\u5236\u4e2d\u975e\u5e38\u6709\u7528\uff0c\u56e0\u4e3a\u5b83\u4eec\u53ef\u4ee5\u5728\u51fd\u6570\u6267\u884c\u524d\u68c0\u67e5\u7528\u6237\u662f\u5426\u62e5\u6709\u6240\u9700\u7684\u6743\u9650\uff0c\u4ece\u800c\u51b3\u5b9a\u662f\u5426\u5141\u8bb8\u6267\u884c\u8be5\u51fd\u6570\u3002<\/p>\n<\/p>\n \u9996\u5148\uff0c\u6211\u4eec\u9700\u8981\u5b9a\u4e49\u4e00\u4e2a\u88c5\u9970\u5668\u6765\u68c0\u67e5\u7528\u6237\u6743\u9650\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n def requires_permission(permission):<\/p>\n def decorator(func):<\/p>\n @wraps(func)<\/p>\n def wrapper(user, *args, kwargs):<\/p>\n if has_permission(user, permission):<\/p>\n return func(user, *args, kwargs)<\/p>\n else:<\/p>\n print(f"{user} does not have permission to perform this action.")<\/p>\n return wrapper<\/p>\n return decorator<\/p>\n <\/code><\/pre>\n<\/p>\n \u8fd9\u4e2a\u88c5\u9970\u5668\u63a5\u6536\u4e00\u4e2a\u6743\u9650\u4f5c\u4e3a\u53c2\u6570\uff0c\u5e76\u5728\u51fd\u6570\u6267\u884c\u524d\u68c0\u67e5\u7528\u6237\u662f\u5426\u62e5\u6709\u8be5\u6743\u9650\u3002\u5982\u679c\u7528\u6237\u62e5\u6709\u8be5\u6743\u9650\uff0c\u5219\u5141\u8bb8\u6267\u884c\u8be5\u51fd\u6570\uff1b\u5426\u5219\uff0c\u6253\u5370\u4e00\u6761\u9519\u8bef\u4fe1\u606f\u3002<\/p>\n<\/p>\n \u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u4e0a\u8ff0\u88c5\u9970\u5668\u6765\u4fee\u9970\u9700\u8981\u6743\u9650\u63a7\u5236\u7684\u51fd\u6570\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n def create_user(user):<\/p>\n print(f"{user} is creating a new user.")<\/p>\n @requires_permission('delete_user')<\/p>\n def delete_user(user):<\/p>\n print(f"{user} is deleting a user.")<\/p>\n @requires_permission('view_user')<\/p>\n def view_user(user):<\/p>\n print(f"{user} is viewing a user.")<\/p>\n @requires_permission('edit_user')<\/p>\n def edit_user(user):<\/p>\n print(f"{user} is editing a user.")<\/p>\n create_user('alice') # alice is creating a new user.<\/p>\n delete_user('bob') # bob does not have permission to delete a user.<\/p>\n view_user('charlie') # charlie is viewing a user.<\/p>\n edit_user('alice') # alice is editing a user.<\/p>\n <\/code><\/pre>\n<\/p>\n \u8fd9\u4e2a\u793a\u4f8b\u5c55\u793a\u4e86\u5982\u4f55\u4f7f\u7528\u88c5\u9970\u5668\u6765\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\u3002\u901a\u8fc7\u4f7f\u7528\u88c5\u9970\u5668\uff0c\u6211\u4eec\u53ef\u4ee5\u5728\u51fd\u6570\u6267\u884c\u524d\u68c0\u67e5\u7528\u6237\u6743\u9650\uff0c\u4ece\u800c\u7b80\u5316\u4e86\u6743\u9650\u63a7\u5236\u7684\u5b9e\u73b0\u3002<\/p>\n<\/p>\n \u4e09\u3001\u57fa\u4e8e\u7c7b\u7684\u65b9\u6cd5<\/p>\n<\/p>\n \u7c7b\u662f\u9762\u5411\u5bf9\u8c61\u7f16\u7a0b\u4e2d\u7684\u4e00\u79cd\u7ed3\u6784\uff0c\u5b83\u53ef\u4ee5\u5c01\u88c5\u6570\u636e\u548c\u65b9\u6cd5\uff0c\u901a\u8fc7\u5b9e\u4f8b\u5316\u7c7b\u53ef\u4ee5\u521b\u5efa\u5bf9\u8c61\u3002\u4f7f\u7528\u7c7b\u548c\u5bf9\u8c61\u53ef\u4ee5\u4f7f\u4ee3\u7801\u66f4\u52a0\u6a21\u5757\u5316\u548c\u53ef\u91cd\u7528\u3002\u5728\u6743\u9650\u63a7\u5236\u4e2d\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u7528\u7c7b\u6765\u5c01\u88c5\u7528\u6237\u548c\u6743\u9650\u7684\u76f8\u5173\u903b\u8f91\u3002<\/p>\n<\/p>\n \u9996\u5148\uff0c\u6211\u4eec\u9700\u8981\u5b9a\u4e49\u4e00\u4e2a\u7528\u6237\u7c7b\u6765\u8868\u793a\u7528\u6237\u53ca\u5176\u89d2\u8272\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n def __init__(self, username, roles):<\/p>\n self.username = username<\/p>\n self.roles = roles<\/p>\n def has_permission(self, permission):<\/p>\n for role in self.roles:<\/p>\n if permission in roles_permissions.get(role, []):<\/p>\n return True<\/p>\n return False<\/p>\n <\/code><\/pre>\n<\/p>\n \u8fd9\u4e2a\u7528\u6237\u7c7b\u5305\u542b\u7528\u6237\u540d\u548c\u89d2\u8272\u4e24\u4e2a\u5c5e\u6027\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e00\u4e2a\u65b9\u6cd5\u6765\u68c0\u67e5\u7528\u6237\u662f\u5426\u62e5\u6709\u67d0\u4e2a\u6743\u9650\u3002<\/p>\n<\/p>\n \u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u53ef\u4ee5\u5b9a\u4e49\u4e00\u4e2a\u6743\u9650\u63a7\u5236\u7c7b\u6765\u7ba1\u7406\u7528\u6237\u548c\u6743\u9650\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n def __init__(self):<\/p>\n self.users = {}<\/p>\n def add_user(self, username, roles):<\/p>\n self.users[username] = User(username, roles)<\/p>\n def remove_user(self, username):<\/p>\n if username in self.users:<\/p>\n del self.users[username]<\/p>\n def get_user(self, username):<\/p>\n return self.users.get(username)<\/p>\n def check_permission(self, username, permission):<\/p>\n user = self.get_user(username)<\/p>\n if user:<\/p>\n return user.has_permission(permission)<\/p>\n return False<\/p>\n <\/code><\/pre>\n<\/p>\n \u8fd9\u4e2a\u6743\u9650\u63a7\u5236\u7c7b\u5305\u542b\u7528\u6237\u7684\u7ba1\u7406\u65b9\u6cd5\u548c\u6743\u9650\u68c0\u67e5\u65b9\u6cd5\u3002<\/p>\n<\/p>\n \u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u5e94\u7528\uff0c\u5c55\u793a\u4e86\u5982\u4f55\u4f7f\u7528\u7c7b\u548c\u5bf9\u8c61\u6765\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\uff1a<\/p>\n<\/p>\n pc.add_user('alice', ['admin'])<\/p>\n pc.add_user('bob', ['editor'])<\/p>\n pc.add_user('charlie', ['viewer'])<\/p>\n def create_user(username):<\/p>\n if pc.check_permission(username, 'create_user'):<\/p>\n print(f"{username} is creating a new user.")<\/p>\n else:<\/p>\n print(f"{username} does not have permission to create a new user.")<\/p>\n def delete_user(username):<\/p>\n if pc.check_permission(username, 'delete_user'):<\/p>\n print(f"{username} is deleting a user.")<\/p>\n else:<\/p>\n print(f"{username} does not have permission to delete a user.")<\/p>\n def view_user(username):<\/p>\n if pc.check_permission(username, 'view_user'):<\/p>\n print(f"{username} is viewing a user.")<\/p>\n else:<\/p>\n print(f"{username} does not have permission to view a user.")<\/p>\n def edit_user(username):<\/p>\n if pc.check_permission(username, 'edit_user'):<\/p>\n print(f"{username} is editing a user.")<\/p>\n else:<\/p>\n print(f"{username} does not have permission to edit a user.")<\/p>\n create_user('alice') # alice is creating a new user.<\/p>\n delete_user('bob') # bob does not have permission to delete a user.<\/p>\n view_user('charlie') # charlie is viewing a user.<\/p>\n edit_user('alice') # alice is editing a user.<\/p>\n <\/code><\/pre>\n<\/p>\n \u8fd9\u4e2a\u793a\u4f8b\u5e94\u7528\u5c55\u793a\u4e86\u5982\u4f55\u4f7f\u7528\u7c7b\u548c\u5bf9\u8c61\u6765\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\u3002\u901a\u8fc7\u4f7f\u7528\u7c7b\u548c\u5bf9\u8c61\uff0c\u6211\u4eec\u53ef\u4ee5\u4f7f\u4ee3\u7801\u66f4\u52a0\u6a21\u5757\u5316\u548c\u53ef\u91cd\u7528\uff0c\u4ece\u800c\u63d0\u9ad8\u4ee3\u7801\u7684\u53ef\u7ef4\u62a4\u6027\u3002<\/p>\n<\/p>\n \u56db\u3001\u7ed3\u5408\u6570\u636e\u5e93\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236<\/p>\n<\/p>\n \u5728\u5b9e\u9645\u5e94\u7528\u4e2d\uff0c\u7528\u6237\u548c\u6743\u9650\u7684\u4fe1\u606f\u901a\u5e38\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u3002\u901a\u8fc7\u5c06\u7528\u6237\u548c\u6743\u9650\u4fe1\u606f\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u53ef\u4ee5\u66f4\u65b9\u4fbf\u5730\u8fdb\u884c\u7ba1\u7406\u548c\u67e5\u8be2\u3002\u5e38\u7528\u7684\u6570\u636e\u5e93\u5305\u62ec\u5173\u7cfb\u578b\u6570\u636e\u5e93\uff08\u5982MySQL\u3001PostgreSQL\uff09\u548c\u975e\u5173\u7cfb\u578b\u6570\u636e\u5e93\uff08\u5982MongoDB\uff09\u3002<\/p>\n<\/p>\n SQLAlchemy\u662f\u4e00\u4e2aPython\u7684SQL\u5de5\u5177\u5305\u548c\u5bf9\u8c61\u5173\u7cfb\u6620\u5c04\uff08ORM\uff09\u5e93\uff0c\u53ef\u4ee5\u65b9\u4fbf\u5730\u4e0e\u6570\u636e\u5e93\u8fdb\u884c\u4ea4\u4e92\u3002\u4e0b\u9762\u5c06\u5c55\u793a\u5982\u4f55\u4f7f\u7528SQLAlchemy\u4e0eSQLite\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\u3002<\/p>\n<\/p>\n \u9996\u5148\uff0c\u9700\u8981\u5b89\u88c5SQLAlchemy\u5e93\u3002\u53ef\u4ee5\u4f7f\u7528pip\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5\uff1a<\/p>\n<\/p>\n <\/code><\/pre>\n<\/p>\n \u63a5\u4e0b\u6765\uff0c\u5b9a\u4e49\u6570\u636e\u5e93\u6a21\u578b\u6765\u8868\u793a\u7528\u6237\u3001\u89d2\u8272\u548c\u6743\u9650\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n from sqlalchemy.ext.declarative import declarative_base<\/p>\n from sqlalchemy.orm import relationship, sessionmaker<\/p>\n Base = declarative_base()<\/p>\n role_permissions = Table('role_permissions', Base.metadata,<\/p>\n Column('role_id', Integer, ForeignKey('roles.id')),<\/p>\n Column('permission_id', Integer, ForeignKey('permissions.id'))<\/p>\n )<\/p>\n class User(Base):<\/p>\n __tablename__ = 'users'<\/p>\n id = Column(Integer, primary_key=True)<\/p>\n username = Column(String, unique=True)<\/p>\n roles = relationship('Role', secondary='user_roles', back_populates='users')<\/p>\n class Role(Base):<\/p>\n __tablename__ = 'roles'<\/p>\n id = Column(Integer, primary_key=True)<\/p>\n name = Column(String, unique=True)<\/p>\n users = relationship('User', secondary='user_roles', back_populates='roles')<\/p>\n permissions = relationship('Permission', secondary=role_permissions, back_populates='roles')<\/p>\n class Permission(Base):<\/p>\n __tablename__ = 'permissions'<\/p>\n id = Column(Integer, primary_key=True)<\/p>\n name = Column(String, unique=True)<\/p>\n roles = relationship('Role', secondary=role_permissions, back_populates='permissions')<\/p>\n user_roles = Table('user_roles', Base.metadata,<\/p>\n Column('user_id', Integer, ForeignKey('users.id')),<\/p>\n Column('role_id', Integer, ForeignKey('roles.id'))<\/p>\n )<\/p>\n <\/code><\/pre>\n<\/p>\n \u5b9a\u4e49\u597d\u6570\u636e\u5e93\u6a21\u578b\u540e\uff0c\u521b\u5efa\u6570\u636e\u5e93\u548c\u8868\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n Base.metadata.create_all(engine)<\/p>\n Session = sessionmaker(bind=engine)<\/p>\n session = Session()<\/p>\n <\/code><\/pre>\n<\/p>\n \u63a5\u4e0b\u6765\uff0c\u6dfb\u52a0\u4e00\u4e9b\u7528\u6237\u3001\u89d2\u8272\u548c\u6743\u9650\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n editor_role = Role(name='editor')<\/p>\n viewer_role = Role(name='viewer')<\/p>\n create_user_permission = Permission(name='create_user')<\/p>\n delete_user_permission = Permission(name='delete_user')<\/p>\n view_user_permission = Permission(name='view_user')<\/p>\n edit_user_permission = Permission(name='edit_user')<\/p>\n admin_role.permissions = [create_user_permission, delete_user_permission, view_user_permission, edit_user_permission]<\/p>\n editor_role.permissions = [view_user_permission, edit_user_permission]<\/p>\n viewer_role.permissions = [view_user_permission]<\/p>\n alice = User(username='alice', roles=[admin_role])<\/p>\n bob = User(username='bob', roles=[editor_role])<\/p>\n charlie = User(username='charlie', roles=[viewer_role])<\/p>\n session.add_all([admin_role, editor_role, viewer_role, create_user_permission, delete_user_permission, view_user_permission, edit_user_permission, alice, bob, charlie])<\/p>\n session.commit()<\/p>\n <\/code><\/pre>\n<\/p>\n \u4e3a\u4e86\u68c0\u67e5\u7528\u6237\u662f\u5426\u62e5\u6709\u67d0\u4e2a\u6743\u9650\uff0c\u53ef\u4ee5\u7f16\u5199\u4e00\u4e2a\u51fd\u6570\u6765\u5b9e\u73b0\u3002\u4f8b\u5982\uff1a<\/p>\n<\/p>\n user = session.query(User).filter_by(username=username).first()<\/p>\n if user:<\/p>\n for role in user.roles:<\/p>\n for permission in role.permissions:<\/p>\n if permission.name == permission_name:<\/p>\n return True<\/p>\n return False<\/p>\n <\/code><\/pre>\n<\/p>\n \u4e0b\u9762\u662f\u4e00\u4e2a\u793a\u4f8b\u5e94\u7528\uff0c\u5c55\u793a\u4e86\u5982\u4f55\u4f7f\u7528SQLAlchemy\u4e0eSQLite\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\uff1a<\/p>\n<\/p>\n if has_permission(username, 'create_user'):<\/p>\n print(f"{username} is creating a new user.")<\/p>\n else:<\/p>\n print(f"{username} does not have permission to create a new user.")<\/p>\n def delete_user(username):<\/p>\n if has_permission(username, 'delete_user'):<\/p>\n print(f"{username} is deleting a user.")<\/p>\n else:<\/p>\n print(f"{username} does not have permission to delete a user.")<\/p>\n def view_user(username):<\/p>\n if has_permission(username, 'view_user'):<\/p>\n print(f"{username} is viewing a user.")<\/p>\n else:<\/p>\n print(f"{username} does not have permission to view a user.")<\/p>\n def edit_user(username):<\/p>\n if has_permission(username, 'edit_user'):<\/p>\n print(f"{username} is editing a user.")<\/p>\n else:<\/p>\n print(f"{username} does not have permission to edit a user.")<\/p>\n create_user('alice') # alice is creating a new user.<\/p>\n delete_user('bob') # bob does not have permission to delete a user.<\/p>\n view_user('charlie') # charlie is viewing a user.<\/p>\n edit_user('alice') # alice is editing a user.<\/p>\n <\/code><\/pre>\n<\/p>\n \u8fd9\u4e2a\u793a\u4f8b\u5e94\u7528\u5c55\u793a\u4e86\u5982\u4f55\u4f7f\u7528SQLAlchemy\u4e0eSQLite\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\u3002\u901a\u8fc7\u5c06\u7528\u6237\u548c\u6743\u9650\u4fe1\u606f\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\uff0c\u53ef\u4ee5\u66f4\u65b9\u4fbf\u5730\u8fdb\u884c\u7ba1\u7406\u548c\u67e5\u8be2\u3002<\/p>\n<\/p>\n \u4e94\u3001\u603b\u7ed3<\/p>\n<\/p>\n \u672c\u6587\u4ecb\u7ecd\u4e86Python\u7528\u6237\u6743\u9650\u63a7\u5236\u7684\u51e0\u79cd\u5b9e\u73b0\u65b9\u6cd5\uff0c\u5305\u62ec\u4f7f\u7528\u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf\u3001\u57fa\u4e8e\u88c5\u9970\u5668\u7684\u65b9\u6cd5\u3001\u57fa\u4e8e\u7c7b\u7684\u65b9\u6cd5\u4ee5\u53ca\u7ed3\u5408\u6570\u636e\u5e93\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\u3002\u4f7f\u7528\u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf<\/strong>\u662f\u4e00\u79cd\u7075\u6d3b\u4e14\u5e38\u89c1\u7684\u65b9\u6cd5\uff0c\u53ef\u4ee5\u901a\u8fc7\u9884\u5b9a\u4e49\u4e0d\u540c\u7684\u89d2\u8272\u548c\u6743\u9650\u6765\u65b9\u4fbf\u5730\u7ba1\u7406\u7528\u6237\u7684\u6743\u9650\u3002\u57fa\u4e8e\u88c5\u9970\u5668\u7684\u65b9\u6cd5<\/strong>\u53ef\u4ee5\u7b80\u5316\u6743\u9650\u63a7\u5236\u7684\u5b9e\u73b0\uff0c\u901a\u8fc7\u5728\u51fd\u6570\u6267\u884c\u524d\u68c0\u67e5\u7528\u6237\u6743\u9650\u6765\u51b3\u5b9a\u662f\u5426\u5141\u8bb8\u6267\u884c\u8be5\u51fd\u6570\u3002\u57fa\u4e8e\u7c7b\u7684\u65b9\u6cd5<\/strong>\u53ef\u4ee5\u4f7f\u4ee3\u7801\u66f4\u52a0\u6a21\u5757\u5316\u548c\u53ef\u91cd\u7528\uff0c\u901a\u8fc7\u5c01\u88c5\u7528\u6237\u548c\u6743\u9650\u7684\u76f8\u5173\u903b\u8f91\u6765\u63d0\u9ad8\u4ee3\u7801\u7684\u53ef\u7ef4\u62a4\u6027\u3002\u7ed3\u5408\u6570\u636e\u5e93\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236<\/strong>\u53ef\u4ee5\u66f4\u65b9\u4fbf\u5730\u8fdb\u884c\u7ba1\u7406\u548c\u67e5\u8be2\uff0c\u901a\u8fc7\u5c06\u7528\u6237\u548c\u6743\u9650\u4fe1\u606f\u5b58\u50a8\u5728\u6570\u636e\u5e93\u4e2d\u6765\u5b9e\u73b0\u6301\u4e45\u5316\u5b58\u50a8\u3002<\/p>\n<\/p>\n \u5728\u5b9e\u9645\u5e94\u7528\u4e2d\uff0c\u53ef\u4ee5\u6839\u636e\u5177\u4f53\u9700\u6c42\u9009\u62e9\u5408\u9002\u7684\u5b9e\u73b0\u65b9\u6cd5\u3002\u65e0\u8bba\u91c7\u7528\u54ea\u79cd\u65b9\u6cd5\uff0c\u90fd\u9700\u8981\u786e\u4fdd\u6743\u9650\u63a7\u5236\u7684\u5b89\u5168\u6027\u548c\u53ef\u9760\u6027\uff0c\u4ee5\u9632\u6b62\u672a\u6388\u6743\u7528\u6237\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u6216\u6267\u884c\u4e0d\u5141\u8bb8\u7684\u64cd\u4f5c\u3002\u5e0c\u671b\u672c\u6587\u80fd\u591f\u5bf9\u60a8\u4e86\u89e3\u548c\u5b9e\u73b0Python\u7528\u6237\u6743\u9650\u63a7\u5236\u6709\u6240\u5e2e\u52a9\u3002<\/p>\n<\/p>\n \u5982\u4f55\u5728Python\u4e2d\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\u7684\u57fa\u672c\u6b65\u9aa4\u662f\u4ec0\u4e48\uff1f<\/strong> Python\u4e2d\u6709\u54ea\u4e9b\u5e38\u7528\u7684\u5e93\u53ef\u4ee5\u5e2e\u52a9\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\uff1f<\/strong> \u5982\u4f55\u786e\u4fdd\u7528\u6237\u6743\u9650\u63a7\u5236\u7684\u5b89\u5168\u6027\u548c\u53ef\u9760\u6027\uff1f<\/strong>\n
\n
roles_permissions = {<\/p>\nadmin<\/code>\u89d2\u8272\u62e5\u6709\u521b\u5efa\u7528\u6237\u3001\u5220\u9664\u7528\u6237\u3001\u67e5\u770b\u7528\u6237\u548c\u7f16\u8f91\u7528\u6237\u7684\u6743\u9650\uff0ceditor<\/code>\u89d2\u8272\u62e5\u6709\u67e5\u770b\u7528\u6237\u548c\u7f16\u8f91\u7528\u6237\u7684\u6743\u9650\uff0c\u800cviewer<\/code>\u89d2\u8272\u53ea\u62e5\u6709\u67e5\u770b\u7528\u6237\u7684\u6743\u9650\u3002<\/p>\n<\/p>\n\n
user_roles = {<\/p>\nalice<\/code>\u7528\u6237\u88ab\u5206\u914d\u4e86admin<\/code>\u89d2\u8272\uff0cbob<\/code>\u7528\u6237\u88ab\u5206\u914d\u4e86editor<\/code>\u89d2\u8272\uff0c\u800ccharlie<\/code>\u7528\u6237\u88ab\u5206\u914d\u4e86viewer<\/code>\u89d2\u8272\u3002<\/p>\n<\/p>\n\n
def has_permission(user, permission):<\/p>\nTrue<\/code>\uff0c\u5426\u5219\u8fd4\u56deFalse<\/code>\u3002<\/p>\n<\/p>\n\n
def create_user(user):<\/p>\n\u793a\u4f8b<\/strong><\/h2>\n
\n
\n
from functools import wraps<\/p>\n\n
@requires_permission('create_user')<\/p>\n\u793a\u4f8b<\/strong><\/h2>\n
\n
\n
class User:<\/p>\n\n
class PermissionControl:<\/p>\n\n
pc = PermissionControl()<\/p>\n\u793a\u4f8b<\/strong><\/h2>\n
\n
\n
\n
pip install sqlalchemy<\/p>\n\n
from sqlalchemy import create_engine, Column, Integer, String, Table, ForeignKey<\/p>\n\u89d2\u8272\u548c\u6743\u9650\u7684\u591a\u5bf9\u591a\u5173\u7cfb\u8868<\/strong><\/h2>\n
\u7528\u6237\u548c\u89d2\u8272\u7684\u591a\u5bf9\u591a\u5173\u7cfb\u8868<\/strong><\/h2>\n
\n
engine = create_engine('sqlite:\/\/\/permissions.db')<\/p>\n\n
admin_role = Role(name='admin')<\/p>\n\n
def has_permission(username, permission_name):<\/p>\n\n
def create_user(username):<\/p>\n\u793a\u4f8b<\/strong><\/h2>\n
\u76f8\u5173\u95ee\u7b54FAQs\uff1a<\/strong><\/h2>\n
\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\u7684\u57fa\u672c\u6b65\u9aa4\u5305\u62ec\uff1a\u9996\u5148\uff0c\u5b9a\u4e49\u7528\u6237\u89d2\u8272\u53ca\u5176\u6743\u9650\u3002\u4f8b\u5982\uff0c\u53ef\u4ee5\u521b\u5efa\u7ba1\u7406\u5458\u3001\u7f16\u8f91\u548c\u666e\u901a\u7528\u6237\u7b49\u89d2\u8272\u3002\u63a5\u7740\uff0c\u5229\u7528\u6570\u636e\u5e93\u6216\u914d\u7f6e\u6587\u4ef6\u5b58\u50a8\u7528\u6237\u4fe1\u606f\u548c\u6743\u9650\u8bbe\u7f6e\u3002\u7136\u540e\uff0c\u5728\u5e94\u7528\u7a0b\u5e8f\u4e2d\u5b9e\u73b0\u6743\u9650\u68c0\u67e5\u903b\u8f91\uff0c\u5728\u7528\u6237\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u9a8c\u8bc1\u5176\u89d2\u8272\u662f\u5426\u5177\u5907\u76f8\u5e94\u7684\u6743\u9650\u3002\u6700\u540e\uff0c\u786e\u4fdd\u5728\u7528\u6237\u754c\u9762\u4e2d\u6839\u636e\u6743\u9650\u52a8\u6001\u663e\u793a\u6216\u9690\u85cf\u529f\u80fd\uff0c\u4ee5\u63d0\u9ad8\u5b89\u5168\u6027\u548c\u7528\u6237\u4f53\u9a8c\u3002<\/p>\n
\u5728Python\u4e2d\uff0c\u6709\u591a\u4e2a\u5e93\u53ef\u4ee5\u5e2e\u52a9\u5b9e\u73b0\u7528\u6237\u6743\u9650\u63a7\u5236\u3002\u6bd4\u5982\uff0cFlask\u6846\u67b6\u4e2d\u7684Flask-Login\u548cFlask-Principal\u53ef\u4ee5\u7528\u4e8e\u7528\u6237\u8ba4\u8bc1\u548c\u89d2\u8272\u7ba1\u7406\u3002Django\u6846\u67b6\u5185\u7f6e\u7684\u8ba4\u8bc1\u548c\u6743\u9650\u7cfb\u7edf\u4e5f\u975e\u5e38\u5f3a\u5927\uff0c\u652f\u6301\u590d\u6742\u7684\u6743\u9650\u63a7\u5236\u9700\u6c42\u3002\u6b64\u5916\uff0cAuthlib\u548cOAuthLib\u7b49\u5e93\u53ef\u4ee5\u7528\u4e8e\u5b9e\u73b0\u57fa\u4e8e\u4ee4\u724c\u7684\u6743\u9650\u63a7\u5236\uff0c\u9002\u5408\u9700\u8981API\u8bbf\u95ee\u7684\u573a\u666f\u3002<\/p>\n
\u786e\u4fdd\u7528\u6237\u6743\u9650\u63a7\u5236\u7684\u5b89\u5168\u6027\u53ef\u4ee5\u901a\u8fc7\u51e0\u79cd\u65b9\u5f0f\u5b9e\u73b0\u3002\u9996\u5148\uff0c\u786e\u4fdd\u4f7f\u7528\u5b89\u5168\u7684\u5bc6\u7801\u5b58\u50a8\u673a\u5236\uff0c\u5982bcrypt\u6216argon2\uff0c\u4ee5\u9632\u6b62\u5bc6\u7801\u6cc4\u9732\u3002\u5176\u6b21\uff0c\u5b9a\u671f\u5ba1\u67e5\u548c\u66f4\u65b0\u6743\u9650\u8bbe\u7f6e\uff0c\u786e\u4fdd\u7528\u6237\u4ec5\u62e5\u6709\u5fc5\u8981\u7684\u6743\u9650\u3002\u91c7\u7528HTTPS\u534f\u8bae\u4f20\u8f93\u6570\u636e\uff0c\u4fdd\u62a4\u7528\u6237\u4fe1\u606f\u4e0d\u88ab\u4e2d\u95f4\u4eba\u653b\u51fb\u3002\u6b64\u5916\uff0c\u8bb0\u5f55\u7528\u6237\u64cd\u4f5c\u65e5\u5fd7\uff0c\u6709\u52a9\u4e8e\u8ffd\u8e2a\u548c\u5ba1\u8ba1\u7528\u6237\u884c\u4e3a\uff0c\u4ece\u800c\u53ca\u65f6\u53d1\u73b0\u5f02\u5e38\u6d3b\u52a8\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"Python\u7528\u6237\u6743\u9650\u63a7\u5236\u53ef\u4ee5\u901a\u8fc7\u4f7f\u7528\u89d2\u8272\u548c\u6743\u9650\u7cfb\u7edf\u3001\u57fa\u4e8e\u88c5\u9970\u5668\u7684\u65b9\u6cd5\u3001\u57fa\u4e8e\u7c7b\u7684\u65b9\u6cd5\u6765\u5b9e\u73b0\u3002\u5176\u4e2d\uff0c\u4f7f\u7528\u89d2\u8272\u548c\u6743\u9650 […]","protected":false},"author":3,"featured_media":1176776,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[37],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/1176768"}],"collection":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/comments?post=1176768"}],"version-history":[{"count":"1","href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/1176768\/revisions"}],"predecessor-version":[{"id":1176777,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/posts\/1176768\/revisions\/1176777"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/media\/1176776"}],"wp:attachment":[{"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/media?parent=1176768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/categories?post=1176768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/docs.pingcode.com\/wp-json\/wp\/v2\/tags?post=1176768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}