Django:设置自定义权限
[英]Django: Making custom permissions
问题描述
So I have lots of forms that aren't attached to models, like a search form. 
因此,我有许多未附加到模型的表单,例如搜索表单。 I don't want people to be able to access these without first verifying their account through an email. 我不希望人们无需先通过电子邮件验证其帐户即可访问这些帐户。 How is the best way to limit their ability to do this? 如何限制他们做到这一点的最佳方法? Is it through custom permissions? 通过自定义权限吗? If so, how do I go about this? 如果是这样,我该如何处理? Thank you so much! 非常感谢!
1 个解决方案
解决方案1
0 2016-03-22 05:09:01
You have several ways to do it: 您有几种方法可以做到:
UI level: when the search field is focused you can say through an alert or other mechanism to notify users you are not allowed to search.
用户界面级别:当搜索字段集中显示时,您可以通过警报或其他机制说出这些信息,以通知用户您不允许搜索。 Server level: assuming your user is logged in or has an account you can verify the user in the search request and return a response where you state you cannot search without confirming your email.
服务器级别:假设您的用户已登录或拥有帐户,则可以在搜索请求中验证该用户,并返回响应,指出您在未确认电子邮件的情况下无法搜索。 Don't let them use the site after registering unless they confirm their email.
除非他们确认电子邮件,否则不要让他们在注册后使用该网站。 You can see doing searches as data display and if you don't block that either you confuse users. 您可以看到进行搜索时会显示为数据,如果您不阻止它们,则还会混淆用户。 Why can I see all articles but can't search? 为什么我可以看到所有文章但无法搜索?
I would go for 3. and let them use the site. 我会去3.让他们使用该网站。 They can confirm it afterwards when they try to do something which modifies the DB (aka they try to post something, then from a psychological standpoint there is a block between them and their objective and they will be more willing to confirm in order to achieve their objective) 他们可以在以后尝试修改数据库时进行确认(也就是他们尝试发布某些内容,然后从心理角度看,他们与目标之间存在障碍,他们将更愿意确认以实现他们的目标)目的)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.