[英]Django superuser not having all permissions
While trying to create a Django Rest Framework endpoint for displaying a users permissions, I encountered a problem when it comes to superusers.在尝试创建用于显示用户权限的 Django Rest Framework 端点时,我遇到了超级用户问题。
I thought superusers had all permissions by default, but when I tried to get all permissions for any user through the Permission-model, I got a length difference between the lists.我认为超级用户默认拥有所有权限,但是当我尝试通过 Permission-model 获取任何用户的所有权限时,我得到了列表之间的长度差异。
# User is a superuser
> len(user.get_all_permissions())
516
> len(Permission.objects.all().distinct())
519
Since get_all_permissions() returns a list of strings which are some permutation of data from a permission instead of a QuerySet, I am unable to see exactly which permissions the superuser lacks.由于 get_all_permissions() 返回一个字符串列表,这些字符串是来自权限而不是 QuerySet 的数据的某种排列,因此我无法确切地看到超级用户缺少哪些权限。
Am I wrong in my impression that a superuser has all permissions?我认为超级用户拥有所有权限是错误的吗? Are there other ways to get all permissions for a user in the form of a Permission QuerySet?是否有其他方法以 Permission QuerySet 的形式获取用户的所有权限? I could always just return the list given by user.get_all_permissions() instead of a QuerySet, but this confuses DRF-Swagger when it comes to the format of possible responses.我总是可以只返回 user.get_all_permissions() 给出的列表而不是 QuerySet,但是当涉及到可能的响应格式时,这让 DRF-Swagger 感到困惑。
Since get_all_permissions() returns a list instead of a QuerySet, I am unable to see exactly which permissions the superuser lacks.由于 get_all_permissions() 返回一个列表而不是一个 QuerySet,我无法确切地看到超级用户缺少哪些权限。
How so?为何如此? Something like就像是
all_permission_ids = {
f'{app_label}.{codename}'
for (app_label, codename)
in Permission.objects.values_list('content_type__app_label', 'codename')
}
missing_permissions = (
all_permission_ids -
set(user.get_all_permissions())
)
should get you going.应该让你去。
Am I wrong in my impression that a superuser has all permissions?我认为超级用户拥有所有权限是错误的吗?
No, you're not.不你不是。 Superusers do have all permissions, and this is generally short-circuited, ie you'd only check whether the user is a superuser, and if so, no more permission checking should be done.超级用户确实拥有所有权限,这通常是短路的,即您只检查用户是否是超级用户,如果是,则不应再进行权限检查。
Are there other ways to get all permissions for a user in the form of a Permission QuerySet?是否有其他方法以 Permission QuerySet 的形式获取用户的所有权限?
Kind of.的种类。 Something like就像是
user_permissions_qs = Permission.objects.filter(id__in={p.id for p in user.get_all_permissions()})
could work, but is really not optimal performance-wise.可以工作,但在性能方面确实不是最佳的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.