model:
# 角色表
class Role(db.Model):
r_id = db.Column(db.Integer, primary_key=True)
r_name = db.Column(db.String(10))
__tablename__ = 'role'
# 角色表和权限表的中间表
r_p = db.Table('r_p',
db.Column('role_id',db.Integer,db.ForeignKey('role.r_id'),primary_key=True),
db.Column('permission_id', db.Integer, db.ForeignKey('permission.p_id'),primary_key=True)
)
# 权限表
class Permission(db.Model):
p_id = db.Column(db.Integer, autoincrement=True, primary_key=True)
p_name = db.Column(db.String(16), unique=True)
p_er = db.Column(db.String(16), unique=True)
# 添加多对多的反向引用,必须用secondary指定中间关联表
roles =db.relationship('Role', secondary = r_p, backref = db.backref('permission', lazy = True))
__tablename__ = 'permission'
views视图函数:
# 多对多查询
知识兔# 权限管理/角色列表/查看权限
# 此处添加角色的权限,以角色表为主表
@user.route('/userperlist/', methods=['GET', 'POST'])
@is_login
def userperlist():
# 首先获得主表角色的ID
r_id = request.args.get('r_id')
# 使用ID来获取该角色对象
roles = Role.query.get(r_id)
# 然后通过角色,找权限
pers = roles.permission
#多对多添加
# 权限管理/角色列表/添加权限
@user.route('/adduserper/', methods=['GET', 'POST'])
@is_login
def adduserper():
r_id = request.args.get('r_id')
permissions = Permission.query.all()
if request.method == 'GET':
return render_template('add_user_per.html',permissions = permissions)
if request.method == 'POST':
p_id = request.form['p_id']
# 找出对应权限
# 此处用get(id)获取, 不要使用filter_by
permission = Permission.query.get(p_id)
# 找出对应角色
role = Role.query.get(r_id)
# 然后添加权限
role.permission.append(permission)
# 保存数据库
db.session.commit()
return redirect(url_for('user.roles'))
#多对多删除
# 权限管理/角色列表/减少权限
@user.route('/subuserper/', methods=['GET', 'POST'])
@is_login
def subuserper():
r_id = request.args.get('r_id')
roles = Role.query.get(r_id)
pers = roles.permission
if request.method == 'GET':
return render_template('user_per_list.html',pers=pers)
if request.method == 'POST':
p_id = request.form['p_id']
permission = Permission.query.get(p_id)
role = Role.query.get(r_id)
# 和添加一样,只是此处用的是remove()
role.permission.remove(permission)
db.session.commit()
return redirect(url_for('user.roles'))