简体   繁体   中英

Django: Making custom permissions

So I have lots of forms that aren't attached to models, like a search form. I don't want people to be able to access these without first verifying their account through an email. How is the best way to limit their ability to do this? Is it through custom permissions? If so, how do I go about this? Thank you so much!

You have several ways to do it:

  1. UI level: when the search field is focused you can say through an alert or other mechanism to notify users you are not allowed to search.

  2. Server level: assuming your user is logged in or has an account you can verify the user in the search request and return a response where you state you cannot search without confirming your email.

  3. Don't let them use the site after registering unless they confirm their email. You can see doing searches as data display and if you don't block that either you confuse users. Why can I see all articles but can't search?

I would go for 3. and let them use the site. They can confirm it afterwards when they try to do something which modifies the DB (aka they try to post something, then from a psychological standpoint there is a block between them and their objective and they will be more willing to confirm in order to achieve their objective)

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM