django 实现编写控制登录和访问权限控制的中间件方法

MIDDLEWARE_CLASSES = (  'django.contrib.sessions.middleware.SessionMiddleware',  'django.middleware.common.CommonMiddleware',  #'django.middleware.csrf.CsrfViewMiddleware',  'django.contrib.auth.middleware.AuthenticationMiddleware',  'django.contrib.auth.middleware.SessionAuthenticationMiddleware',  'django.contrib.messages.middleware.MessageMiddleware',  'django.middleware.clickjacking.XFrameOptionsMiddleware',  'django.middleware.security.SecurityMiddleware',  'myTransport.views.ExteriorAuthMiddleware',)

class ExteriorAuthMiddleware(object):  #判断登录 权限控制	def process_request(self,request):		if request.method == 'GET':			requestData = request.GET		else:			requestData = request.POST				request.session['errmsg']=''		#如果用户没有认证，需要转到登录界面		if not request.session.has_key('_auth_user_id') and 'login' not in request.path:			return HttpResponseRedirect('/login/')		#如果用户已经登录		elif request.session.has_key('_auth_user_id') and 'logout' not in request.path:			###权限检验			try:				u=User.objects.get(username=request.user)				#判断token是否过期				if u.usertoken_set.all():					if u.usertoken_set.all()[0].token != request.session['Token']:						logger.error("token 不一致！")						return HttpResponseRedirect('/login/')				else:					logger.error("获取不到token!")					return HttpResponseRedirect('/login/') 				url=request.META['PATH_INFO']				print request.get_full_path()				#判断用户是否有某些页面的访问权限，如果没有，转到404页面				if not u.is_superuser:					if url.startswith('/transport/user_') or url.startswith('/log/'):						return error403(request, "权限不够！")			except Exception,e:				logger.error("in function process_request :"+ str(e))				return HttpResponseRedirect('/login/')		#用户已登录，而且url是login,将转到首页		if request.session.has_key('_auth_user_id') and 'login' in request.path:			return HttpResponseRedirect('/index/')