I have a range of models for my Django project. Everyone with a login has a Profile. A Profile will have certain permission access to the different parts of the website... Be able to view or edit certain accounts in the Account model. Be able to view or edit certain accounts in the Module model. Be able to delete or be blocked from accessing other Profiles. etc. People with Profiles do not access the normal Django built-in admin, it's all a custom website-side area where all of this stuff will take place.
我有一系列Django项目的模型。每个登录的人都有个人资料。个人资料将有一定的权限访问网站的不同部分……能够查看或编辑帐户模型中的某些帐户。能够查看或编辑模块模型中的某些帐户。能够删除或被阻止访问其他配置文件。拥有概要文件的人不访问一般的Django内置管理,它是一个自定义的web站点端区域,所有这些都将在这里发生。
Django's built in permissions stuff didn't seem to cover this sort of module/row level permissions. I was thinking of having a simple Permissions model with Profile and Permission Type foreign keys in them. Then all the things I want to be accessable only by Profiles with permissions will have a many to many to this Permissions model. But I'm not sure that's how to go about it?
Django内置的权限内容似乎没有包含这种模块/行级别的权限。我想拥有一个简单的权限模型,其中包含配置文件和权限类型的外键。然后,所有我希望仅通过具有权限的概要文件访问的东西,对这个权限模型将有很多很多。但我不确定这是怎么回事?
What is an ideal way of doing permissions for the profiles to restrict access to rows of other models?
对配置文件执行权限以限制对其他模型行的访问的理想方法是什么?
1 个解决方案
#1
1
Check out Florian Apolloner's Django Advent post on Object Permissions. I found it to be a decent way of doing object-level permissions.
查看Florian apollo的Django文章,了解对象权限。我发现这是一种不错的对象级权限的方式。
#1
1
Check out Florian Apolloner's Django Advent post on Object Permissions. I found it to be a decent way of doing object-level permissions.
查看Florian apollo的Django文章,了解对象权限。我发现这是一种不错的对象级权限的方式。