Django - user permissions to certain views?

Posted on 2024-10-10 11:40:05 | Length: 172 characters | Views: 5 | Comments: 0

From the admin I see that you can allocate permissions to a user or a user group to: allow add, change or delete data from a model.

That is great, but I also need to allow a user or a user group to access or not a group of views. I have certain types of services on my web site, so I want to allow some users to access certain services (pages/views) but not others.

So how can I allow certain users/user groups access to certain views? Thank you!

Comments (5)

沒落の蓅哖 2024-10-17 11:40:05

Users that cannot add or change etc. a certain model, will not be able to see it in the admin.

If we are talking about your custom created views then you could create something which checks a user for a permission and returns a 404 if they do not have that permission. Permissions are linked to models and a group can be assigned various permissions.

You can add a permission to a model like this:

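# myproject/myapp/models.py
from django.db import models

class MyModel(models.Model):
    class Meta:
        # Custom permission, referenced in checks as 'myapp.permission_code'
        permissions = (
            ('permission_code', 'Friendly permission description'),
        )

Then you can check if a user has permission like this:

from django.contrib.auth.decorators import user_passes_test

# The view body runs only when the test callable returns True for request.user
@user_passes_test(lambda u: u.has_perm('myapp.permission_code'))
def some_view(request):
    ...  # view body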

Using permissions you can then easily add or remove them from users and groups simply using the admin interface.

忘年祭陌 2024-10-17 11:40:05

You need to manage that manually, but it's pretty easy. Presumably there's an attribute that determines whether or not a group has permission to see a view: then you just decorate that view with either the permission_required decorator, if it's a simple question of whether the user has a particular Permission, or user_passes_test if it's a bit more complicated:

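from django.contrib.auth.decorators import user_passes_test

# is_allowed_to_see_view_myview is a method you define yourself on the user object
@user_passes_test(lambda u: u.is_allowed_to_see_view_myview())
def myview(request):
    ...  # etc.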

assuming that is_allowed_to_see_view_myview is some sort of method on the User object.

The authentication docs are pretty comprehensive.

孤君无依 2024-10-17 11:40:05

For class-based views you can inherit the UserPassesTestMixin class into the view and define test_func:

from django.contrib.auth.mixins import UserPassesTestMixin
from django.views import View

class MainView(UserPassesTestMixin, View):

    def test_func(self):
        # Access is granted only when this returns True
        return self.request.user.has_perm('app.get_main_view')

Take a look at these docs for more details on how to use this:

舞袖。长 2024-10-17 11:40:05

If you are using Django 1.9+, you should be able to use PermissionRequiredMixin:

For example:

from django.contrib.auth.mixins import PermissionRequiredMixin
from django.views import View

class MainView(PermissionRequiredMixin, View):
    # Permission string in 'app_label.codename' form
    permission_required = 'my_services.foo_bar'
    ...

This is basically a special case of UserPassesTestMixin, designed specifically to test whether the user has the indicated permission.

帅气尐潴 2024-10-17 11:40:05

The permissions system is model-centric and assumes that permissions are tied to models. I think the following 2 alternatives are the best options:

A. If your views are related to some specific model, use custom permissions on that model as Marcus Whybrow suggested.

B. [not tested, might not work] Subclass User and define your own permissions there. You don't need an actual model, it's just a wrapper for your app's custom permission:

from django.contrib.auth.models import User

class MyUser(User):
    class Meta:
        # Trailing comma keeps this a tuple of (codename, description) pairs
        permissions = (('can_visit_$viewset1', 'Can visit $view_set_1'),)

Don't forget to run syncdb to add custom permissions to database.
