From the admin I see that you can allocate permissions to a user or a user group to :allow add, change or delete data from a model.
从管理员我看到您可以为用户或用户组分配权限,以允许:允许添加,更改或删除模型中的数据。
That is great, but I also need to allow a user or a user group to access or not a group of views. I have certain type of services on my web site so I want to allow some users to access a certain services (pages/views) but not others.
这很好,但我还需要允许用户或用户组访问或不访问一组视图。我的网站上有某些类型的服务,所以我想让一些用户访问某些服务(页面/视图)而不是其他用户。
So how can I allow certain users/user groups access to certain views? Thank you!
那么如何允许某些用户/用户组访问某些视图?谢谢!
4 个解决方案
#1
23
Users that cannot add or change etc. a certain model, will not be able to see it in the admin.
无法添加或更改某个型号的用户将无法在管理员中看到它。
If we are talking about your custom created views then you could create something which checks a user for a permission and returns a 404 if they do not have that permission. Permissions are linked to models and a group can be assigned various permissions.
如果我们正在讨论您自定义创建的视图,那么您可以创建一些检查用户权限的内容,如果他们没有该权限则返回404。权限与模型相关联,并且可以为组分配各种权限。
You can add a permission to a model like this:
您可以向模型添加权限,如下所示:
# myproject/myapp/models.py
class MyModel(models.Model):
class Meta:
permissions = (
('permission_code', 'Friendly permission description'),
)
Then you can check a if a user has permission like this:
然后你可以检查一个用户是否有这样的权限:
@user_passes_test(lambda u: u.has_perm('myapp.permission_code'))
def some_view(request):
# ...
Using permissions you can then easily add or remove them from users and groups simply using the admin interface.
使用权限,您可以使用管理界面轻松地从用户和组中添加或删除它们。
#2
9
You need to manage that manually, but it's pretty easy. Presumably there's an attribute that determines whether or not a group has permission to see a view: then you just decorate that view with either the permission_required
decorator, if it's a simple question of whether the user has a particular Permission, or user_passes_test
if it's a bit more complicated:
您需要手动管理,但这很容易。据推测,有一个属性可以确定一个组是否有权查看视图:那么你只需要使用permission_required装饰器装饰该视图,如果这是一个关于用户是否具有特定权限的简单问题,还是user_passes_test,如果它有点更复杂:
@user_passes_test(lambda u: u.is_allowed_to_see_view_myview())
def myview(request):
...etc...
assuming that is_allowed_to_see_view_myview
is some sort of method on the User object.
假设is_allowed_to_see_view_myview是User对象上的某种方法。
The authentication docs are pretty comprehensive.
身份验证文档非常全面。
#3
1
Permissions system is model-centric and assumes that permissions are tied to models. I think following 2 alternatives are best options:
权限系统以模型为中心,并假定权限与模型相关联。我认为以下两种选择是最佳选择:
A. If your views are related to some specific model, use custom permissions on that model as Marcus Whybrow suggested.
答:如果您的观点与某些特定模型相关,请使用该模型的自定义权限,如Marcus Whybrow所建议的那样。
B. [not tested, might not work] Subclasss User
and define your own permissions there. You don't need actual model, it's just wrapper for your app's custom permission:
B. [未经过测试,可能无效]子类用户并在那里定义您自己的权限。您不需要实际模型,它只是您的应用程序的自定义权限的包装:
from django.contrib.auth.models import User
class MyUser(User):
class Meta:
permissions = (('can_visit_$viewset1', 'Can visit $view_set_1'))
Don't forget to run syncdb
to add custom permissions to database.
不要忘记运行syncdb以向数据库添加自定义权限。
#4
1
For class based views you can inherit UserPassesTestMixin
class into the view and define test_func
对于基于类的视图,您可以将UserPassesTestMixin类继承到视图中并定义test_func
from django.contrib.auth.mixins import UserPassesTestMixin
class MainView(UserPassesTestMixin, View):
def test_func(self):
return self.request.user.has_perm('app.get_main_view')
Take a look at this docs for more details on how to use this:
有关如何使用此文档的更多详细信息,请查看此文档:
#1
23
Users that cannot add or change etc. a certain model, will not be able to see it in the admin.
无法添加或更改某个型号的用户将无法在管理员中看到它。
If we are talking about your custom created views then you could create something which checks a user for a permission and returns a 404 if they do not have that permission. Permissions are linked to models and a group can be assigned various permissions.
如果我们正在讨论您自定义创建的视图,那么您可以创建一些检查用户权限的内容,如果他们没有该权限则返回404。权限与模型相关联,并且可以为组分配各种权限。
You can add a permission to a model like this:
您可以向模型添加权限,如下所示:
# myproject/myapp/models.py
class MyModel(models.Model):
class Meta:
permissions = (
('permission_code', 'Friendly permission description'),
)
Then you can check a if a user has permission like this:
然后你可以检查一个用户是否有这样的权限:
@user_passes_test(lambda u: u.has_perm('myapp.permission_code'))
def some_view(request):
# ...
Using permissions you can then easily add or remove them from users and groups simply using the admin interface.
使用权限,您可以使用管理界面轻松地从用户和组中添加或删除它们。
#2
9
You need to manage that manually, but it's pretty easy. Presumably there's an attribute that determines whether or not a group has permission to see a view: then you just decorate that view with either the permission_required
decorator, if it's a simple question of whether the user has a particular Permission, or user_passes_test
if it's a bit more complicated:
您需要手动管理,但这很容易。据推测,有一个属性可以确定一个组是否有权查看视图:那么你只需要使用permission_required装饰器装饰该视图,如果这是一个关于用户是否具有特定权限的简单问题,还是user_passes_test,如果它有点更复杂:
@user_passes_test(lambda u: u.is_allowed_to_see_view_myview())
def myview(request):
...etc...
assuming that is_allowed_to_see_view_myview
is some sort of method on the User object.
假设is_allowed_to_see_view_myview是User对象上的某种方法。
The authentication docs are pretty comprehensive.
身份验证文档非常全面。
#3
1
Permissions system is model-centric and assumes that permissions are tied to models. I think following 2 alternatives are best options:
权限系统以模型为中心,并假定权限与模型相关联。我认为以下两种选择是最佳选择:
A. If your views are related to some specific model, use custom permissions on that model as Marcus Whybrow suggested.
答:如果您的观点与某些特定模型相关,请使用该模型的自定义权限,如Marcus Whybrow所建议的那样。
B. [not tested, might not work] Subclasss User
and define your own permissions there. You don't need actual model, it's just wrapper for your app's custom permission:
B. [未经过测试,可能无效]子类用户并在那里定义您自己的权限。您不需要实际模型,它只是您的应用程序的自定义权限的包装:
from django.contrib.auth.models import User
class MyUser(User):
class Meta:
permissions = (('can_visit_$viewset1', 'Can visit $view_set_1'))
Don't forget to run syncdb
to add custom permissions to database.
不要忘记运行syncdb以向数据库添加自定义权限。
#4
1
For class based views you can inherit UserPassesTestMixin
class into the view and define test_func
对于基于类的视图,您可以将UserPassesTestMixin类继承到视图中并定义test_func
from django.contrib.auth.mixins import UserPassesTestMixin
class MainView(UserPassesTestMixin, View):
def test_func(self):
return self.request.user.has_perm('app.get_main_view')
Take a look at this docs for more details on how to use this:
有关如何使用此文档的更多详细信息,请查看此文档: