Django 如何限制员工用户从 django 管理面板编辑或删除其他员工用户帖子
[英]Django how to restrict staff-user to edit or delete others staff-user post from django admin panel
问题描述
Right now my all django staff-user can edit or delete others staff-user post.
现在我所有的 django 员工用户都可以编辑或删除其他员工用户的帖子。 I want they only can able to be edit or delete their own post from django admin panel.我希望他们只能从 django 管理面板编辑或删除自己的帖子。 How to restrict them to edit or delete others user post?如何限制他们编辑或删除其他用户帖子? here is my code:这是我的代码:
views.py:视图.py:
class BlogPublishView(PermissionRequiredMixin,CreateView):
raise_exception = True
permission_required = "blog.add_post"
model = Post
form_class = BlogPost
template_name = "blog_post.html"
#fields = ['title','author','body']
class BlogUpdateView(PermissionRequiredMixin,UpdateView):
raise_exception = True
permission_required = "blog.change_post"
model = Post
template_name = "blog_update_post.html"
form_class = BlogPost
class BlogDeleteView(PermissionRequiredMixin,DeleteView):
raise_exception = True
permission_required = "blog.delete_post"
model = Post
template_name = "delete_blog_post.html"
success_url = reverse_lazy('blog')
urls.py网址.py
path('blog-post', BlogPublishView.as_view(), name='blog-post'),
path('blog-update/<slug:slug>', BlogUpdateView.as_view(), name='blog-update'),
path('blog-delete/<slug:slug>', BlogDeleteView.as_view(), name='blog-delete'),
html html
{% if user.is_authenticated %}{% if user.id == post.author.id %} <a href="{% url 'blog-update' post.slug %}"><b>(Edit Blog)</b></a> <a href="{% url 'blog-delete' post.slug %}"><b>(Delete Blog)</b> </a>{% endif %}{% endif %}
Let you explain little bit more if you still now don't understand my problem.如果你现在还不明白我的问题,让你再解释一下。 Assume I have three user in my djano admin panel "A", "B" and "C".假设我的 djano 管理面板“A”、“B”和“C”中有三个用户。 User "A" is Admin and user "B" and "C" is staff-user.用户“A”是管理员,用户“B”和“C”是员工用户。 User "B" and "C" have permission only edit, delete and publish post from admin panel.用户“B”和“C”只有从管理面板编辑、删除和发布帖子的权限。 The problem is user "A" can edit and delete user "B" post and also user "B" can edit or delete user "A" post.问题是用户“A”可以编辑和删除用户“B”的帖子,用户“B”也可以编辑或删除用户“A”的帖子。 I want to restrict both of staff-user to edit, delete and view each others post from django admin panel.我想限制两个员工用户从 django 管理面板编辑、删除和查看彼此的帖子。 They can only be view, edit and delete their own post from django admin panel.他们只能从 django 管理面板查看、编辑和删除自己的帖子。
1 个解决方案
解决方案1
0 已采纳 2021-05-12 19:41:10
After lot of research I find the solution.经过大量研究,我找到了解决方案。 I solved the problems After using "get_queryset" method in my django admin model.在我的 django 管理员 model 中使用“get_queryset”方法后,我解决了问题。 here is the code:这是代码:
def get_queryset(self, request):
qs = super().get_queryset(request)
if request.user.is_superuser:
return qs
return qs.filter(author=request.user)
You can read more details here.您可以在此处阅读更多详细信息。 Before apply get_queryset user "A" and user "B" can view, edit and delete each others post from django admin panel.在应用get_queryset之前,用户“A”和用户“B”可以从 django 管理面板查看、编辑和删除彼此的帖子。 See the picture where user "A" logged in django admin panel and he aslo can edit user "B" and others member post.查看用户“A”登录 django 管理面板的图片,他也可以编辑用户“B”和其他成员帖子。
after apply get_queryset method I restricted user "A" to view, edit and delete post of user "B".应用get_queryset方法后,我限制用户“A”查看、编辑和删除用户“B”的帖子。 Now user "A" can only view, edit and delete his own post.现在用户“A”只能查看、编辑和删除他自己的帖子。 see the picture看图片
If you apply this get_queryset method in your admin model then except admin nobody can view, edit and delete others user post.如果您在管理员 model 中应用此get_queryset方法,那么除了管理员之外,没有人可以查看、编辑和删除其他用户帖子。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.