需要限制访问权限以仅查看其输入的数据或在 django admin 中分配的数据
用户模型
class User(models.Model):
BLOOD_GROUP_CHOICES = (
('a+','A+'),
('a-','A-'),
('b+','B+'),
('b-','B-'),
('ab+','AB+'),
('ab-','AB-'),
('o+','O+'),
('o-','O-')
)
BILLABLE_and_NON_BILLABLE_CHOICES=(
('Billable','Billable'),
('Non-Billable','Non-Billable')
)
employee_name = models.OneToOneField(Default_User,on_delete=CASCADE)
dob=models.DateField(max_length=8)
email=models.EmailField(max_length=25,default=None)
pancard=models.CharField(max_length=25,default=None)
aadhar=models.CharField(max_length=20,default=None)
personal_email_id=models.EmailField(max_length=254,default=None)
phone = PhoneNumberField()
emergency_contact_no=models.IntegerField(default=None)
emergency_contact_name=models.CharField(max_length=100,null=True)
relation=models.CharField(max_length=25,default=None)
blood_group=models.CharField(max_length=25,choices=BLOOD_GROUP_CHOICES,null=True)
designation=models.ForeignKey(Designation,on_delete=CASCADE,related_name="designation")
billable_and_non_billable=models.CharField(max_length=25,choices=BILLABLE_and_NON_BILLABLE_CHOICES,default='Billable')
joining_date=models.DateField(max_length=15,null=True)
relieving_date=models.DateField(max_length=15,null=True)
class Meta:
db_table ='User'
def __str__(self):
return str(self.id)
工作模型
class Job(models.Model):
job_name=models.CharField(max_length=50)
client=models.ForeignKey(Client,on_delete=CASCADE,related_name='client',default=None)
#project=models.ForeignKey(Project,on_delete=CASCADE,related_name='project',default=None)
project = ChainedForeignKey(Project,chained_field="client", chained_model_field="client",show_all=False, auto_choose=True, sort=True)
user=models.ForeignKey(User,on_delete=CASCADE,related_name='user',default=None)
hours=models.TimeField(null=True)
start_date = models.DateTimeField(max_length=10)
end_date=models.DateTimeField(max_length=10)
class Meta:
db_table ='Job'
def __str__(self):
return '{} {}'.format(str(self.id), self.job_name)
admin.py
class StaffAdmin(admin.ModelAdmin):
'''def get_queryset(self, request):
qs = super().get_queryset(request)
print(f"\nrequest.user : {request.user}\n")
if request.user.is_superuser:
return qs
return qs.filter(user__id=request.user.id)'''
def get_queryset(self, request):
qs = super().get_queryset(request)
user = request.user
if user.is_superuser:
return qs
return qs.filter(user_id=request.user.id)
自定义用户模型
class Default_User(AbstractBaseUser, PermissionsMixin):
username = models.CharField(max_length=30, unique=True)
email = models.EmailField(max_length=250, unique=True)
first_name = models.CharField(max_length=30, blank=True, null=True)
last_name = models.CharField(max_length=30, blank=True, null=True)
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=True)
is_superuser = models.BooleanField(default=False)
date_joined = models.DateTimeField(default=timezone.now)
objects = UserManager()
USERNAME_FIELD = 'username'
REQUIRED_FIELDS = ['email', ]
我已授予员工用户查看权限,编辑和删除作业 API,但我需要限制为仅查看分配给该用户的作业,并编辑和删除用户添加的作业。但在上面的代码中我无法做到这一点,因为它没有显示超级用户分配给特定用户的作业。请帮助解决这个问题,因为我是 django 的新手,我被困在这个方法中。
User model
class User(models.Model):
BLOOD_GROUP_CHOICES = (
('a+','A+'),
('a-','A-'),
('b+','B+'),
('b-','B-'),
('ab+','AB+'),
('ab-','AB-'),
('o+','O+'),
('o-','O-')
)
BILLABLE_and_NON_BILLABLE_CHOICES=(
('Billable','Billable'),
('Non-Billable','Non-Billable')
)
employee_name = models.OneToOneField(Default_User,on_delete=CASCADE)
dob=models.DateField(max_length=8)
email=models.EmailField(max_length=25,default=None)
pancard=models.CharField(max_length=25,default=None)
aadhar=models.CharField(max_length=20,default=None)
personal_email_id=models.EmailField(max_length=254,default=None)
phone = PhoneNumberField()
emergency_contact_no=models.IntegerField(default=None)
emergency_contact_name=models.CharField(max_length=100,null=True)
relation=models.CharField(max_length=25,default=None)
blood_group=models.CharField(max_length=25,choices=BLOOD_GROUP_CHOICES,null=True)
designation=models.ForeignKey(Designation,on_delete=CASCADE,related_name="designation")
billable_and_non_billable=models.CharField(max_length=25,choices=BILLABLE_and_NON_BILLABLE_CHOICES,default='Billable')
joining_date=models.DateField(max_length=15,null=True)
relieving_date=models.DateField(max_length=15,null=True)
class Meta:
db_table ='User'
def __str__(self):
return str(self.id)
Job model
class Job(models.Model):
job_name=models.CharField(max_length=50)
client=models.ForeignKey(Client,on_delete=CASCADE,related_name='client',default=None)
#project=models.ForeignKey(Project,on_delete=CASCADE,related_name='project',default=None)
project = ChainedForeignKey(Project,chained_field="client", chained_model_field="client",show_all=False, auto_choose=True, sort=True)
user=models.ForeignKey(User,on_delete=CASCADE,related_name='user',default=None)
hours=models.TimeField(null=True)
start_date = models.DateTimeField(max_length=10)
end_date=models.DateTimeField(max_length=10)
class Meta:
db_table ='Job'
def __str__(self):
return '{} {}'.format(str(self.id), self.job_name)
admin.py
class StaffAdmin(admin.ModelAdmin):
'''def get_queryset(self, request):
qs = super().get_queryset(request)
print(f"\nrequest.user : {request.user}\n")
if request.user.is_superuser:
return qs
return qs.filter(user__id=request.user.id)'''
def get_queryset(self, request):
qs = super().get_queryset(request)
user = request.user
if user.is_superuser:
return qs
return qs.filter(user_id=request.user.id)
custom user model
class Default_User(AbstractBaseUser, PermissionsMixin):
username = models.CharField(max_length=30, unique=True)
email = models.EmailField(max_length=250, unique=True)
first_name = models.CharField(max_length=30, blank=True, null=True)
last_name = models.CharField(max_length=30, blank=True, null=True)
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=True)
is_superuser = models.BooleanField(default=False)
date_joined = models.DateTimeField(default=timezone.now)
objects = UserManager()
USERNAME_FIELD = 'username'
REQUIRED_FIELDS = ['email', ]
I have given a privilege for the staff users to view, edit and delete the Job API, but I need to restrict to view only their job assigned to that users and edit and delete the jobs which the user have added. But in the above code I couldn't able to do it as it is not showing the jobs which is assigned to the specific user by the superuser. kindly help to resolve this issue as I am new to django i was stucked in this method.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您使用自定义 ModelAdmin 类,您需要根据要应用它的模型来注册它。 ModelAdmin 类是管理界面中模型的表示。
If you're using a custom ModelAdmin Class, you need to register it against the Model you want to apply it to. The ModelAdmin Class is the representation of a model in the admin interface.