[英]How do I assign specific users to a user-uploaded file so they can modify it/delete it (Django + Apache)
Im using django 1.10 + Apache in Linux. 我在Linux中使用django 1.10 + Apache。 I've created a small webapp to upload documents (with dropzone.js) and want to implement the ability for a user to specify who can view/modify/delete a specific file but i can't figure out a way how.
我已经创建了一个小型的Webapp来上传文档(使用dropzone.js),并希望实现用户指定谁可以查看/修改/删除特定文件的功能,但是我不知道该怎么做。 I attempted using a ManyToManyField but maybe im not understading the Field itself correctly.
我尝试使用ManyToManyField,但可能即时通讯没有正确理解Field本身。
The "Document" model is this: “文档”模型是这样的:
class Document(models.Model):
file = models.FileField(upload_to = 'files/')
#validators=[validate_file_type])
uploaded_at = models.DateTimeField(auto_now_add = True)
extension = models.CharField(max_length = 30, blank = True)
thumbnail = models.ImageField(blank = True, null = True)
is_public = models.BooleanField(default = False)
accesible_by = models.ManyToManyField(User) #This is my attempt at doing this task.
def clean(self):
self.extension = self.file.name.split('/')[-1].split('.')[-1]
if self.extension == 'xlsx' or self.extension == 'xls':
self.thumbnail = 'xlsx.png'
elif self.extension == 'pptx' or self.extension == 'ppt':
self.thumbnail = 'pptx.png'
elif self.extension == 'docx' or self.extension == 'doc':
self.thumbnail = 'docx.png'
def delete(self, *args, **kwargs):
#delete file from /media/files
self.file.delete(save = False)
#call parent delete method.
super().delete(*args, **kwargs)
#Redirect to file list page.
def get_absolute_url(self):
return reverse('dashby-files:files')
def __str__(self):
return self.file.name.split('/')[-1]
class Meta():
ordering = ['-uploaded_at']
My View to handle the creation of documents: 我的视图来处理文档的创建:
class DocumentCreate(CreateView):
model = Document
fields = ['file', 'is_public']
def form_valid(self, form):
self.object = form.save(commit = False)
## I guess here i would Add the (self.request.user) to the accesible_by Field.
self.object.save()
data = {'status': 'success'}
response = JSONResponse(data, mimetype =
response_mimetype(self.request))
return response
Thanks in advance to anyone for any ideas or suggestions... 在此先感谢任何人的任何想法或建议...
You have a model and a view that hopefully works for adding new documents, you still have a number of steps to go. 您有一个模型和一个希望可以用于添加新文档的视图,但是您仍然需要执行许多步骤。 You'll need a place to assign users that can view/modify/delete your files.
您需要一个位置来分配可以查看/修改/删除文件的用户。 If you need to store access levels (view/delete...), your accessible_by will not suffice and you'll do well with a through table to add more information like access level.
如果您需要存储访问级别(查看/删除...),那么accessible_by将不足以满足您的需求,并且可以通过一个贯通表来添加更多信息,例如访问级别。
You need to write views for various actions like view, delete... that users will request and here you ensure users have the right privileges. 您需要为用户将请求的各种操作(例如视图,删除...)编写视图,并在此处确保用户具有正确的特权。 An implementation would be to get the request.user and the document id, look up if the user has the permission for what she's doing, return an http unauthorized exception or allow the action to proceed.
一种实现是获取request.user和文档ID,查找用户是否有权执行其操作,返回http未经授权的异常或允许执行操作。
Edit: My question is about how can I assign user-permissions to each individual file
编辑:我的问题是关于如何分配用户权限到每个单独的文件
If we're keeping this to access control from the django level, using the document model you already have, and you've taken some steps and for every document, you can assign users (accessible_by). 如果我们将其保留为从django级别访问控制,请使用已有的文档模型,并已采取一些步骤,对于每个文档,您都可以分配用户(accessible_by)。 Something like this can get you started:
这样的事情可以帮助您入门:
from django.core.exceptions import PermissionDenied
def view_document(request, doc_pk):
doc = get_object_or_404(Document, pk=doc_pk)
if not doc.accessible_by.filter(username=request.user.username):
raise PermissionDenied
#perform rest of action
Or do you mean to use the permissions framework itself? 还是您要使用权限框架本身?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.