我的Django模型的权限
[英]Permissions on my Model for Django
问题描述
I have a model called Logs : 
我有一个称为Logs的模型:
class Logs(models.Model):
entry = models.CharField(max_length=100)
Some Users can administer logs, others edit and the rest only view. 一些用户可以管理日志,其他用户可以编辑,其余用户只能查看。 How would you handle such permissions in Django? 您将如何在Django中处理此类权限?
I was thinking of adding a new many-to-many field, one for admins the other for editors, then on the save function check which user is in what group. 我当时想添加一个新many-to-many字段,一个用于管理员,另一个用于编辑,然后在保存功能中检查哪个用户属于哪个组。
However, this seems static and bad, can I somehow use Django's built in permissions? 但是,这似乎是静态且不好的,我可以以某种方式使用Django的内置权限吗? What other solutions, packages are there, what is the best approach to this problem? 还有哪些其他解决方案,软件包,解决此问题的最佳方法是什么?
I have seen you can create custom permissions in Django ie 我已经看到您可以在Django中创建自定义权限,即
permission = Permission.objects.create(codename='can_publish',
name='Can Publish Logs',
content_type=content_type)
But how on Logs would I check the permissions, would this be done in the Save() method. 但是我将如何在Logs检查权限,这将在Save()方法中完成。
1 个解决方案
解决方案1
6 已采纳 2015-06-01 12:25:36
You're asking for permissions functionality which is implemented for you in django.contrib.auth . 您正在要求在django.contrib.auth中为您实现的权限功能。
In particular you would like to control who can edit a model, which is included in the default permissions of django. 特别是,您想控制谁可以编辑模型,这是django的默认权限所包含的。 You can also implement custom permissions if you need to. 如果需要,您还可以实现自定义权限 。
You would check these privileges on the views and django.contrib.auth provides the permission_required decorator . 您将在视图上检查这些特权,并且django.contrib.auth提供了permission_required 装饰器 。 Which does what you require. 您需要什么。
You do not need to reimplement the many to many field for editors admins and users either. 您也不需要为编辑管理员和用户重新实现“多对多”字段。 You can use django.contrib.auth Group to add your users to the respective group and then assign permissions to the groups: 您可以使用django.contrib.auth Group将用户添加到相应的组,然后将权限分配给这些组:
from django.contrib.auth.models import Group, Permission
from django.contrib.contenttypes.models import ContentType
from api.models import Logs
new_group, created = Group.objects.get_or_create(name='new_group')
ct = ContentType.objects.get_for_model(Logs)
permission = Permission.objects.create(codename='can_clean_logs',
name='Can clean logs',
content_type=ct)
new_group.permissions.add(permission)
Check django-guardian for more fine-grained control and object-level permissions. 检查django-guardian以获得更细粒度的控制和对象级权限。
django-rest-framework provides a hook for permissions and provides a integration of django model permissions. django-rest-framework提供了权限挂钩,并提供了django模型权限的集成。
The following answer can also be helpful: 以下答案也可能有帮助:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.