Django - 某些视图的用户权限?

时间:2020-12-03 16:48:21

From the admin I see that you can allocate permissions to a user or a user group to :allow add, change or delete data from a model.

从管理员我看到您可以为用户或用户组分配权限,以允许:允许添加,更改或删除模型中的数据。

That is great, but I also need to allow a user or a user group to access or not a group of views. I have certain type of services on my web site so I want to allow some users to access a certain services (pages/views) but not others.

这很好,但我还需要允许用户或用户组访问或不访问一组视图。我的网站上有某些类型的服务,所以我想让一些用户访问某些服务(页面/视图)而不是其他用户。

So how can I allow certain users/user groups access to certain views? Thank you!

那么如何允许某些用户/用户组访问某些视图?谢谢!

4 个解决方案

#1


23  

Users that cannot add or change etc. a certain model, will not be able to see it in the admin.

无法添加或更改某个型号的用户将无法在管理员中看到它。

If we are talking about your custom created views then you could create something which checks a user for a permission and returns a 404 if they do not have that permission. Permissions are linked to models and a group can be assigned various permissions.

如果我们正在讨论您自定义创建的视图,那么您可以创建一些检查用户权限的内容,如果他们没有该权限则返回404。权限与模型相关联,并且可以为组分配各种权限。

You can add a permission to a model like this:

您可以向模型添加权限,如下所示:

# myproject/myapp/models.py

class MyModel(models.Model):
    class Meta:
        permissions = (
            ('permission_code', 'Friendly permission description'),
        )

Then you can check a if a user has permission like this:

然后你可以检查一个用户是否有这样的权限:

@user_passes_test(lambda u: u.has_perm('myapp.permission_code'))
def some_view(request):
    # ...

Using permissions you can then easily add or remove them from users and groups simply using the admin interface.

使用权限,您可以使用管理界面轻松地从用户和组中添加或删除它们。

#2


9  

You need to manage that manually, but it's pretty easy. Presumably there's an attribute that determines whether or not a group has permission to see a view: then you just decorate that view with either the permission_required decorator, if it's a simple question of whether the user has a particular Permission, or user_passes_test if it's a bit more complicated:

您需要手动管理,但这很容易。据推测,有一个属性可以确定一个组是否有权查看视图:那么你只需要使用permission_required装饰器装饰该视图,如果这是一个关于用户是否具有特定权限的简单问题,还是user_passes_test,如果它有点更复杂:

@user_passes_test(lambda u: u.is_allowed_to_see_view_myview())
def myview(request):
    ...etc...

assuming that is_allowed_to_see_view_myview is some sort of method on the User object.

假设is_allowed_to_see_view_myview是User对象上的某种方法。

The authentication docs are pretty comprehensive.

身份验证文档非常全面。

#3


1  

Permissions system is model-centric and assumes that permissions are tied to models. I think following 2 alternatives are best options:

权限系统以模型为中心,并假定权限与模型相关联。我认为以下两种选择是最佳选择:

A. If your views are related to some specific model, use custom permissions on that model as Marcus Whybrow suggested.

答:如果您的观点与某些特定模型相关,请使用该模型的自定义权限,如Marcus Whybrow所建议的那样。

B. [not tested, might not work] Subclasss User and define your own permissions there. You don't need actual model, it's just wrapper for your app's custom permission:

B. [未经过测试,可能无效]子类用户并在那里定义您自己的权限。您不需要实际模型,它只是您的应用程序的自定义权限的包装:

from django.contrib.auth.models import User
class MyUser(User):
    class Meta:
        permissions = (('can_visit_$viewset1', 'Can visit $view_set_1'))

Don't forget to run syncdb to add custom permissions to database.

不要忘记运行syncdb以向数据库添加自定义权限。

#4


1  

For class based views you can inherit UserPassesTestMixin class into the view and define test_func

对于基于类的视图,您可以将UserPassesTestMixin类继承到视图中并定义test_func

from django.contrib.auth.mixins import UserPassesTestMixin

class MainView(UserPassesTestMixin, View):

    def test_func(self):
        return self.request.user.has_perm('app.get_main_view')

Take a look at this docs for more details on how to use this:

有关如何使用此文档的更多详细信息,请查看此文档:

#1


23  

Users that cannot add or change etc. a certain model, will not be able to see it in the admin.

无法添加或更改某个型号的用户将无法在管理员中看到它。

If we are talking about your custom created views then you could create something which checks a user for a permission and returns a 404 if they do not have that permission. Permissions are linked to models and a group can be assigned various permissions.

如果我们正在讨论您自定义创建的视图,那么您可以创建一些检查用户权限的内容,如果他们没有该权限则返回404。权限与模型相关联,并且可以为组分配各种权限。

You can add a permission to a model like this:

您可以向模型添加权限,如下所示:

# myproject/myapp/models.py

class MyModel(models.Model):
    class Meta:
        permissions = (
            ('permission_code', 'Friendly permission description'),
        )

Then you can check a if a user has permission like this:

然后你可以检查一个用户是否有这样的权限:

@user_passes_test(lambda u: u.has_perm('myapp.permission_code'))
def some_view(request):
    # ...

Using permissions you can then easily add or remove them from users and groups simply using the admin interface.

使用权限,您可以使用管理界面轻松地从用户和组中添加或删除它们。

#2


9  

You need to manage that manually, but it's pretty easy. Presumably there's an attribute that determines whether or not a group has permission to see a view: then you just decorate that view with either the permission_required decorator, if it's a simple question of whether the user has a particular Permission, or user_passes_test if it's a bit more complicated:

您需要手动管理,但这很容易。据推测,有一个属性可以确定一个组是否有权查看视图:那么你只需要使用permission_required装饰器装饰该视图,如果这是一个关于用户是否具有特定权限的简单问题,还是user_passes_test,如果它有点更复杂:

@user_passes_test(lambda u: u.is_allowed_to_see_view_myview())
def myview(request):
    ...etc...

assuming that is_allowed_to_see_view_myview is some sort of method on the User object.

假设is_allowed_to_see_view_myview是User对象上的某种方法。

The authentication docs are pretty comprehensive.

身份验证文档非常全面。

#3


1  

Permissions system is model-centric and assumes that permissions are tied to models. I think following 2 alternatives are best options:

权限系统以模型为中心,并假定权限与模型相关联。我认为以下两种选择是最佳选择:

A. If your views are related to some specific model, use custom permissions on that model as Marcus Whybrow suggested.

答:如果您的观点与某些特定模型相关,请使用该模型的自定义权限,如Marcus Whybrow所建议的那样。

B. [not tested, might not work] Subclasss User and define your own permissions there. You don't need actual model, it's just wrapper for your app's custom permission:

B. [未经过测试,可能无效]子类用户并在那里定义您自己的权限。您不需要实际模型,它只是您的应用程序的自定义权限的包装:

from django.contrib.auth.models import User
class MyUser(User):
    class Meta:
        permissions = (('can_visit_$viewset1', 'Can visit $view_set_1'))

Don't forget to run syncdb to add custom permissions to database.

不要忘记运行syncdb以向数据库添加自定义权限。

#4


1  

For class based views you can inherit UserPassesTestMixin class into the view and define test_func

对于基于类的视图,您可以将UserPassesTestMixin类继承到视图中并定义test_func

from django.contrib.auth.mixins import UserPassesTestMixin

class MainView(UserPassesTestMixin, View):

    def test_func(self):
        return self.request.user.has_perm('app.get_main_view')

Take a look at this docs for more details on how to use this:

有关如何使用此文档的更多详细信息,请查看此文档: