[英]Django Admin without Authentication
Is there a ready way to use the Django admin page without any form of authentication?有没有现成的方法可以在没有任何形式的身份验证的情况下使用 Django 管理页面? I know I can use this method , but that was for Django 1.3.我知道我可以使用这种方法,但那是针对 Django 1.3 的。 Are there any changes that would let me do this more easily in Django 1.6?是否有任何更改可以让我在 Django 1.6 中更轻松地做到这一点?
My main motivation for this is that I want to have as few database tables as possible, and I am using this only locally, so there is no need for any sort of authentication (I'm only ever running the server on localhost anyways).我这样做的主要动机是我想要尽可能少的数据库表,而且我只在本地使用它,所以不需要任何类型的身份验证(反正我只在本地主机上运行服务器)。
Create a module auto_auth.py
:创建一个模块auto_auth.py
:
from django.contrib.auth.models import User
from django.utils.deprecation import MiddlewareMixin
class AutoAuthMiddleware(MiddlewareMixin):
def process_request(self, request):
request.user = User.objects.filter()[0]
Edit MIDDLEWARE
in your settings.py
:在settings.py
编辑MIDDLEWARE
:
'django.contrib.auth.middleware.AuthenticationMiddleware'
删除'django.contrib.auth.middleware.AuthenticationMiddleware'
'auto_auth.AutoAuthMiddleware'
添加'auto_auth.AutoAuthMiddleware'
You can change User.objects.filter()[0]
to something else if you want a particular user.如果您想要特定用户,您可以将User.objects.filter()[0]
更改为其他内容。
In response to your comment: yes.回应您的评论:是的。 To run the Django admin without users at all, try this:要在没有用户的情况下运行 Django 管理员,请尝试以下操作:
class User:
is_superuser = True
is_active = True
is_staff = True
id = 1
def return_true(*args, **kwargs):
return True
User.has_module_perms = return_true
User.has_perm = return_true
class AutoAuthMiddleware(MiddlewareMixin):
def process_request(self, request):
request.user = User()
And remove 'django.contrib.auth'
from INSTALLED_APPS
并从INSTALLED_APPS
删除'django.contrib.auth'
But if you use any apps that depend on the auth app, you're going to have a bad time.但是,如果您使用任何依赖于 auth 应用程序的应用程序,您将度过一段艰难的时光。
The accepted answer is already super simple however after messing around with this I found that in recent versions of Django (since admin.site.has_permission became a thing... >= 1.8?) you can do it without middleware.接受的答案已经非常简单了,但是在弄乱了这个之后,我发现在 Django 的最新版本中(因为 admin.site.has_permission 成为一件事......> = 1.8?)你可以在没有中间件的情况下做到这一点。
In your project's urls.py:在您项目的 urls.py 中:
from django.contrib import admin
class AccessUser:
has_module_perms = has_perm = __getattr__ = lambda s,*a,**kw: True
admin.site.has_permission = lambda r: setattr(r, 'user', AccessUser()) or True
# Register the admin views or call admin.autodiscover()
urlpatterns = [
# Your url configs then...
url(r'^admin/', admin.site.urls),
]
If you have AccessUser extend User you can leave out the __getattr__
portion which is a hacky way to return something when user.pk or similar is called.如果您有 AccessUser 扩展 User 您可以省略__getattr__
部分,这是在调用 user.pk 或类似内容时返回某些内容的一种hacky 方式。
/[yourapp]/middleware.py
: /[yourapp]/middleware.py
:
from django.contrib.auth.models import User
class AuthenticationMiddleware(object):
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
request.user = User.objects.filter()[0]
return self.get_response(request)
In [yourproject]/settings.py
for the MIDDLEWARE
list:在[yourproject]/settings.py
中的MIDDLEWARE
列表:
'django.contrib.auth.middleware.AuthenticationMiddleware',
评论或删除: 'django.contrib.auth.middleware.AuthenticationMiddleware',
'[yourapp].middleware.AuthenticationMiddleware',
附加: '[yourapp].middleware.AuthenticationMiddleware',
Probably obvious to most people but note that the solution still requires one user to exist.对于大多数人来说可能很明显,但请注意,该解决方案仍然需要一个用户存在。 Create one manually python manage.py createsuperuser
or automatically with a script:手动创建一个python manage.py createsuperuser
或使用脚本自动创建:
Another Option allows access from anyone: get the first user to bypass authentication另一个选项允许任何人访问:让第一个用户绕过身份验证
# app/admin.py
from django.contrib.auth.models import User
anonymous_user = User.objects.all().first()
admin.site.has_permission = lambda r: setattr(r, 'user', anonymous_user) or True
For the newer versions of django >=2.1 you need to do something like this:对于较新版本的 django >=2.1,您需要执行以下操作:
auto_auth.py auto_auth.py
class User:
is_superuser = True
is_active = True
is_staff = True
id = 1
pk = 1
User.has_module_perms = True
User.has_perm = True
class Middleware(object):
def __init__(self, get_response):
self.response = get_response
def __call__(self, request):
request.user = User()
return self.response(request)
And also don't forget to modify your settings middleware and deactivate django.contrib.auth
and add auto_auth
并且不要忘记修改您的设置中间件并停用django.contrib.auth
并添加auto_auth
For all using Django 3.0,对于所有使用 Django 3.0 的人,
comment out this code AUTH_USER_MODEL = 'customUser' in your settings.py and create a superuser ( python manage.py createsuperuser ) with the default user model first.在 settings.py 中注释掉这段代码AUTH_USER_MODEL = 'customUser'并首先使用默认用户模型创建一个超级用户( python manage.py createsuperuser )。
After creating the superuser then uncomment this code AUTH_USER_MODEL = 'customUser' .创建超级用户后,取消注释此代码AUTH_USER_MODEL = 'customUser' 。
This happened to me and that's what I did with Django 3.0这发生在我身上,这就是我对 Django 3.0 所做的
You should be good to go.你应该很高兴去。 Hope it helps希望能帮助到你
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.