[英]How to make Django admin site accessed by non-staff user?
I would like to implement a 2nd admin site which provides a subset of feature of the primary admin site.我想实现第二个管理站点,它提供主管理站点的功能子集。 That's possible and described in the Django docs这是可能的,并在Django 文档中进行了描述
However, I would like to limit access on the primary admin site.但是,我想限制对主管理站点的访问。 Some users can access the 2ndary site but not the primary site.有些用户可以访问第二个站点,但不能访问主站点。
In order to implement that feature, I would like these users not to be in the staff (is_staff=False) and rewrite the AdminSite.has_permission
为了实现该功能,我希望这些用户不在工作人员中(is_staff=False)并重写AdminSite.has_permission
class SecondaryAdminSite(AdminSite):
def has_permission(self, request):
if request.user.is_anonymous:
try:
username = request.POST['username']
password = request.POST['password']
except KeyError:
return False
try:
user = User.objects.get(username = username)
if user.check_password(password):
return user.has_perm('app.change_onlythistable')
else:
return False
except User.DoesNotExist:
return False
else:
return request.user.has_perm('app.change_onlythistable')
Unfortunately, this approach doesn't work.不幸的是,这种方法不起作用。 The user can login but can't see anything in the secondary admin site.用户可以登录,但在辅助管理站点中看不到任何内容。
What's wrong with this approach?这种方法有什么问题? Any idea how to implement this feature?知道如何实现此功能吗?
Thanks in advance提前致谢
I think that your approach should now be possible: http://code.djangoproject.com/ticket/14434 (closed 5 weeks ago)我认为你的方法现在应该是可能的: http : //code.djangoproject.com/ticket/14434 (5 周前关闭)
However, the explicit "is_staff" check is still done in two places (apart from the staff_member_required decorator):但是,显式的“is_staff”检查仍然在两个地方完成(除了 staff_member_required 装饰器):
django.contrib.admin.forms.AdminAuthenticationForm.clean() django.contrib.admin.forms.AdminAuthenticationForm.clean()
On top of "has_permission()" you'd need to provide your non-staff AdminSite with a "login_form" that doesn't do the is_staff check, so could just subclass and adjust clean() accordingly.在“has_permission()”之上,您需要为非员工 AdminSite 提供一个不进行 is_staff 检查的“login_form”,因此可以只进行子类化并相应地调整 clean() 。
templates/admin/base.html模板/管理员/base.html
would need to be slightly customized.需要稍微定制一下。 The div with id "user-tools" is only shown for active staff members. id 为“user-tools”的 div 仅对活跃员工显示。 I'm assuming that's done because the login form also uses this template, and someone could be logged in as an active non-staff member but still should'nt see those links.我假设这样做是因为登录表单也使用了这个模板,有人可以作为活跃的非工作人员登录,但仍然不应该看到这些链接。
Here's what worked for me with Django >= 3.2
.这是对我Django >= 3.2
。
AdminSite
创建AdminSite
的子类has_permission()
method to remove the is_staff
check.覆盖has_permission()
方法以删除is_staff
检查。login_form
to use AuthenticationForm
.覆盖login_form
以使用AuthenticationForm
。
AdminSite
uses AdminAuthenticationForm
, which extends AuthenticationForm
and adds a check for is_staff
. AdminSite
使用AdminAuthenticationForm
,它扩展了AuthenticationForm
并添加了对is_staff
的检查。# PROJECT/APP/admin.py
from django.contrib.admin import AdminSite
from django.contrib.admin.forms import AuthenticationForm
class MyAdminSite(AdminSite):
"""
App-specific admin site implementation
"""
login_form = AuthenticationForm
site_header = 'Todomon'
def has_permission(self, request):
"""
Checks if the current user has access.
"""
return request.user.is_active
site = MyAdminSite(name='myadmin')
What's wrong with this approach?这种方法有什么问题? Any idea how to implement this feature?知道如何实现此功能吗?
What's wrong with this approach is that permissions and groups can already provide you with what you need.这种方法的错误在于权限和组已经可以为您提供所需的内容。 There is no need to subclass AdminSite if all you need is to divide users.如果您只需要划分用户,则无需对 AdminSite 进行子类化。
This is probably why this feature is so poorly documented, IMHO恕我直言,这可能就是为什么此功能的记录如此糟糕的原因
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.