qin/Book_system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

精细权限控制

Browse Source
This commit is contained in:
superlishunqin 2025-05-17 04:48:05 +08:00
parent 1b7284a22d
commit 15ed6241f2
3 changed files with 90 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/__init__.py
View File

@ -43,7 +43,9 @@ def create_app(config=None):
def load_user(user_id):
return User.query.get(int(user_id))
from app.utils.template_helpers import register_template_helpers
# 注册蓝图
register_template_helpers(app)
app.register_blueprint(user_bp, url_prefix='/user')
app.register_blueprint(book_bp, url_prefix='/book')
app.register_blueprint(borrow_bp, url_prefix='/borrow')

88
app/templates/base.html
View File

@ -32,34 +32,68 @@
<li class="{% if '/announcement' in request.path %}active{% endif %}">
<a href="{{ url_for('announcement.announcement_list') }}"><i class="fas fa-bell"></i> 通知公告</a>
</li>
{% if current_user.is_authenticated and current_user.role_id == 1 %}
<li class="nav-category">管理功能</li>
<li class="{% if '/user/manage' in request.path %}active{% endif %}">
<a href="{{ url_for('user.user_list') }}"><i class="fas fa-users"></i> 用户管理</a>
</li>
<li class="{% if '/user/roles' in request.path %}active{% endif %}">
<a href="{{ url_for('user.role_list') }}"><i class="fas fa-user-tag"></i> 角色管理</a>
</li>
<li class="{% if '/book/admin/list' in request.path %}active{% endif %}">
<a href="{{ url_for('book.admin_book_list') }}"><i class="fas fa-layer-group"></i> 图书管理</a>
</li>
<li class="{% if '/borrow/manage' in request.path %}active{% endif %}">
{% if current_user.role_id == 1 %}
<a href="{{ url_for('borrow.manage_borrows') }}"><i class="fas fa-exchange-alt"></i> 借阅管理</a>
{% if current_user.is_authenticated %}
<!-- 管理功能菜单,根据用户权限显示 -->
{% if current_user.role_id == 1 or current_user.role.permissions.count() > 0 %}
<li class="nav-category">管理功能</li>
<!-- 用户管理 -->
{% if current_user.role_id == 1 or has_permission(current_user, 'manage_users') %}
<li class="{% if '/user/manage' in request.path %}active{% endif %}">
<a href="{{ url_for('user.user_list') }}"><i class="fas fa-users"></i> 用户管理</a>
</li>
{% endif %}
<!-- 角色管理 -->
{% if current_user.role_id == 1 or has_permission(current_user, 'manage_roles') %}
<li class="{% if '/user/roles' in request.path %}active{% endif %}">
<a href="{{ url_for('user.role_list') }}"><i class="fas fa-user-tag"></i> 角色管理</a>
</li>
{% endif %}
<!-- 图书管理 -->
{% if current_user.role_id == 1 or has_permission(current_user, 'manage_books') %}
<li class="{% if '/book/admin/list' in request.path %}active{% endif %}">
<a href="{{ url_for('book.admin_book_list') }}"><i class="fas fa-layer-group"></i> 图书管理</a>
</li>
{% endif %}
<!-- 借阅管理 -->
{% if current_user.role_id == 1 or has_permission(current_user, 'manage_borrows') %}
<li class="{% if '/borrow/manage' in request.path %}active{% endif %}">
<a href="{{ url_for('borrow.manage_borrows') }}"><i class="fas fa-exchange-alt"></i> 借阅管理</a>
</li>
{% endif %}
<!-- 库存管理 -->
{% if current_user.role_id == 1 or has_permission(current_user, 'manage_inventory') %}
<li class="{% if '/inventory' in request.path %}active{% endif %}">
<a href="{{ url_for('inventory.inventory_list') }}"><i class="fas fa-warehouse"></i> 库存管理</a>
</li>
{% endif %}
<!-- 统计分析 -->
{% if current_user.role_id == 1 or has_permission(current_user, 'view_statistics') %}
<li class="{% if '/statistics' in request.path %}active{% endif %}">
<a href="{{ url_for('statistics.index') }}"><i class="fas fa-chart-bar"></i> 统计分析</a>
</li>
{% endif %}
<!-- 日志管理 -->
{% if current_user.role_id == 1 or has_permission(current_user, 'view_logs') %}
<li class="{% if '/log' in request.path %}active{% endif %}">
<a href="{{ url_for('log.log_list') }}"><i class="fas fa-history"></i> 日志管理</a>
</li>
{% endif %}
<!-- 公告管理 -->
{% if current_user.role_id == 1 or has_permission(current_user, 'manage_announcements') %}
<li class="{% if '/announcement/manage' in request.path %}active{% endif %}">
<a href="{{ url_for('announcement.manage_announcements') }}"><i class="fas fa-bullhorn"></i> 公告管理</a>
</li>
{% endif %}
{% endif %}
</li>
<li class="{% if '/inventory' in request.path %}active{% endif %}">
<a href="{{ url_for('inventory.inventory_list') }}"><i class="fas fa-warehouse"></i> 库存管理</a>
</li>
<li class="{% if '/statistics' in request.path %}active{% endif %}">
<a href="{{ url_for('statistics.index') }}"><i class="fas fa-chart-bar"></i> 统计分析</a>
</li>
<li class="{% if '/log' in request.path %}active{% endif %}">
<a href="{{ url_for('log.log_list') }}"><i class="fas fa-history"></i> 日志管理</a>
</li>
<li class="{% if '/announcement/manage' in request.path %}active{% endif %}">
<a href="{{ url_for('announcement.manage_announcements') }}"><i class="fas fa-bullhorn"></i> 公告管理</a>
</li>
{% endif %}
</ul>
</nav>

27
app/utils/template_helpers.py Normal file
View File

@ -0,0 +1,27 @@
from app.models.permission import Permission
from flask import current_app
def register_template_helpers(app):
@app.context_processor
def inject_permissions():
def has_permission(user, permission_code):
"""检查用户是否拥有指定权限"""
if not user or not user.is_authenticated:
return False
# 管理员拥有所有权限
if user.role_id == 1:
return True
# 检查用户角色权限
if user.role:
for perm in user.role.permissions:
if perm.code == permission_code:
return True
return False
return dict(has_permission=has_permission)
# 在 create_app 函数中调用
# register_template_helpers(app)