Django - 某些视图的用户权限？

From the admin I see that you can allocate permissions to a user or a user group to :allow add, change or delete data from a model.

从管理员我看到您可以为用户或用户组分配权限，以允许：允许添加，更改或删除模型中的数据。

That is great, but I also need to allow a user or a user group to access or not a group of views. I have certain type of services on my web site so I want to allow some users to access a certain services (pages/views) but not others.

这很好，但我还需要允许用户或用户组访问或不访问一组视图。我的网站上有某些类型的服务，所以我想让一些用户访问某些服务（页面/视图）而不是其他用户。

So how can I allow certain users/user groups access to certain views? Thank you!

那么如何允许某些用户/用户组访问某些视图？谢谢！

4 个解决方案

#1

Users that cannot add or change etc. a certain model, will not be able to see it in the admin.

无法添加或更改某个型号的用户将无法在管理员中看到它。

If we are talking about your custom created views then you could create something which checks a user for a permission and returns a 404 if they do not have that permission. Permissions are linked to models and a group can be assigned various permissions.

如果我们正在讨论您自定义创建的视图，那么您可以创建一些检查用户权限的内容，如果他们没有该权限则返回404。权限与模型相关联，并且可以为组分配各种权限。

You can add a permission to a model like this:

您可以向模型添加权限，如下所示：

# myproject/myapp/models.py

class MyModel(models.Model):
    class Meta:
        permissions = (
            ('permission_code', 'Friendly permission description'),
        )

Then you can check a if a user has permission like this:

然后你可以检查一个用户是否有这样的权限：

@user_passes_test(lambda u: u.has_perm('myapp.permission_code'))
def some_view(request):
    # ...

Using permissions you can then easily add or remove them from users and groups simply using the admin interface.

使用权限，您可以使用管理界面轻松地从用户和组中添加或删除它们。

#2

You need to manage that manually, but it's pretty easy. Presumably there's an attribute that determines whether or not a group has permission to see a view: then you just decorate that view with either the permission_required decorator, if it's a simple question of whether the user has a particular Permission, or user_passes_test if it's a bit more complicated:

您需要手动管理，但这很容易。据推测，有一个属性可以确定一个组是否有权查看视图：那么你只需要使用permission_required装饰器装饰该视图，如果这是一个关于用户是否具有特定权限的简单问题，还是user_passes_test，如果它有点更复杂：

@user_passes_test(lambda u: u.is_allowed_to_see_view_myview())
def myview(request):
    ...etc...

assuming that is_allowed_to_see_view_myview is some sort of method on the User object.

假设is_allowed_to_see_view_myview是User对象上的某种方法。

The authentication docs are pretty comprehensive.

身份验证文档非常全面。

#3

Permissions system is model-centric and assumes that permissions are tied to models. I think following 2 alternatives are best options:

权限系统以模型为中心，并假定权限与模型相关联。我认为以下两种选择是最佳选择：

A. If your views are related to some specific model, use custom permissions on that model as Marcus Whybrow suggested.

答：如果您的观点与某些特定模型相关，请使用该模型的自定义权限，如Marcus Whybrow所建议的那样。

B. [not tested, might not work] Subclasss User and define your own permissions there. You don't need actual model, it's just wrapper for your app's custom permission:

B. [未经过测试，可能无效]子类用户并在那里定义您自己的权限。您不需要实际模型，它只是您的应用程序的自定义权限的包装：

from django.contrib.auth.models import User
class MyUser(User):
    class Meta:
        permissions = (('can_visit_$viewset1', 'Can visit $view_set_1'))

Don't forget to run syncdb to add custom permissions to database.

不要忘记运行syncdb以向数据库添加自定义权限。

#4

For class based views you can inherit UserPassesTestMixin class into the view and define test_func

对于基于类的视图，您可以将UserPassesTestMixin类继承到视图中并定义test_func

from django.contrib.auth.mixins import UserPassesTestMixin

class MainView(UserPassesTestMixin, View):

    def test_func(self):
        return self.request.user.has_perm('app.get_main_view')

Take a look at this docs for more details on how to use this:

有关如何使用此文档的更多详细信息，请查看此文档：

#1