在 Django 中根据用户身份验证设置模型字段的值
我正在尝试根据用户是否登录有选择地处理 Django/Python 应用程序中的字段。基本上,我有一个类似于以下内容的模型:
class Resource(models.Model):
uploaded = models.DateTimeField()
name = models.CharField(max_length=200)
description = models.CharField(max_length=500, blank=True)
file = models.CharField(max_length=200)
我想要做的是,如果用户恰好登录(并且基于针对某些权限后端的测试可以访问此资源),则将文件属性设置为一个值),如果用户未登录,则为另一个值。因此,当任何客户端代码尝试访问 Resource.file 时,如果用户未登录“http://mysite.com/dummy_resource_for_people_without_access”,它将得到类似以下内容'。但是,如果用户登录并通过了一些权限测试,则 resource.file 的值实际上将是该资源的真实 url(包括用于访问该资源的任何安全密钥等)。
根据我的阅读,您似乎只能通过将请求上下文从视图函数传递到模型来考虑当前登录的用户。但是,在上面的用例中,我试图在模型中更紧密地控制访问,而不需要客户端代码调用特殊函数。
I'm trying to selectively process a field in my Django/Python application based on whether a user is logged in or not. Basically, I have a model similar to the following:
class Resource(models.Model):
uploaded = models.DateTimeField()
name = models.CharField(max_length=200)
description = models.CharField(max_length=500, blank=True)
file = models.CharField(max_length=200)
What I want to do is for the file attribute to be set to one value if the user happens to be logged in (and has access to this resource based on a test against some permissions backend), and another value if the user is not logged in. So, when any client code tries to access Resource.file, it will get something like the following if the user is not logged in 'http://mysite.com/dummy_resource_for_people_without_access'. However, if the user is logged in and passes some tests for permissions, then the value of resource.file will actually be the true url of that resource (including any security keys etc. to access that resource).
From what I've read, it seems that you can only take account of the currently logged in user by passing that through the request context from a view function to the model. However, in the above use case I am trying to control the access more closely in the model without needing the client code to call a special function.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
最好的选择是创建一个用于访问文件属性的函数,并在那里进行检查。一般来说,可以将属性转换为隐式执行的描述符,但 Django 的元类魔法会阻碍这一点。
然而,总的来说,Django 被设计为在视图级别处理身份验证(并且做得非常干净)。如果您需要数据库层身份验证,请考虑不同的设置,例如 CouchDB。
Your best bet is to create a function used to access the file attribute, and check there. In general, it would possible to turn the attribute into a descriptor which does it implicitly, but Django's metaclass magic would impede that.
In general however, Django is designed to handle authentication at the view-level (and does it very cleanly). If you need database layer authentication, consider a different setup, such as CouchDB.
为了以防万一有人感兴趣,我通过在 django 中实际创建一个自定义模型字段来解决上述问题,然后该字段可以有一个方法让用户生成 URI。因此,在数据库中,我将上述资源的密钥存储在文件列中。然而,现在文件列是一些自定义字段:
上面的模式很好,因为我可以包装 db 字段,然后创建一个特定的方法来根据谁试图访问它来获取 uri。
Just in case anyone's interested, I solved the above issue by actually creating a custom model field in django that could then have a method that takes a user to generate a URI. So, in the database, I store a key to the resource as above in the file column. However, now the file column is some custom field:
The pattern above is nice because I can wrap the db field and then create a specific method for getting the uri based on who is trying to access it.