Users that cannot add or change etc. a certain model, will not be able to see it in the admin.

无法添加或更改某个模型的用户将无法在管理中看到它。

If we are talking about your custom created views then you could create something which checks a user for a permission and returns a 404 if they do not have that permission. Permissions are linked to models and a group can be assigned various permissions.

如果我们谈论的是您自定义创建的视图，那么您可以创建一些内容来检查用户的权限，如果他们没有该权限，则返回 404。权限与模型相关联，并且可以为组分配各种权限。

You can add a permission to a model like this:

您可以像这样为模型添加权限：

# myproject/myapp/models.py

class MyModel(models.Model):
    class Meta:
        permissions = (
            ('permission_code', 'Friendly permission description'),
        )

Then you can check a if a user has permission like this:

然后你可以检查一个用户是否有这样的权限：

@user_passes_test(lambda u: u.has_perm('myapp.permission_code'))
def some_view(request):
    # ...

Using permissions you can then easily add or remove them from users and groups simply using the admin interface.

使用权限，您只需使用管理界面即可轻松地从用户和组中添加或删除它们。

You need to manage that manually, but it's pretty easy. Presumably there's an attribute that determines whether or not a group has permission to see a view: then you just decorate that view with either the permission_requireddecorator, if it's a simple question of whether the user has a particular Permission, or user_passes_testif it's a bit more complicated:

您需要手动管理它，但这很容易。大概有一个属性决定了一个组是否有权查看一个视图：然后你只需用permission_required装饰器装饰该视图，如果这是一个关于用户是否具有特定权限的简单问题，或者user_passes_test它是否有点复杂：

@user_passes_test(lambda u: u.is_allowed_to_see_view_myview())
def myview(request):
    ...etc...

assuming that is_allowed_to_see_view_myviewis some sort of method on the User object.

假设这is_allowed_to_see_view_myview是 User 对象上的某种方法。

The authentication docsare pretty comprehensive.

该认证文档是非常全面的。

Permissions system is model-centric and assumes that permissions are tied to models. I think following 2 alternatives are best options:

权限系统以模型为中心，并假定权限与模型相关联。我认为以下两种选择是最佳选择：

A. If your views are related to some specific model, use custom permissions on that model as Marcus Whybrow suggested.

A. 如果您的视图与某个特定模型相关，请按照 Marcus Whybrow 的建议对该模型使用自定义权限。

B. [not tested, might not work] Subclasss Userand define your own permissions there. You don't need actual model, it's just wrapper for your app's custom permission:

B. [未测试，可能不起作用] 子类User并在那里定义您自己的权限。您不需要实际模型，它只是您应用程序自定义权限的包装器：

from django.contrib.auth.models import User
class MyUser(User):
    class Meta:
        permissions = (('can_visit_$viewset1', 'Can visit $view_set_1'))

Don't forget to run syncdbto add custom permissions to database.

不要忘记运行syncdb以向数据库添加自定义权限。

For class based views you can inherit UserPassesTestMixinclass into the view and define test_func

对于基于类的视图，您可以将UserPassesTestMixin类继承 到视图中并定义test_func

from django.contrib.auth.mixins import UserPassesTestMixin

class MainView(UserPassesTestMixin, View):

    def test_func(self):
        return self.request.user.has_perm('app.get_main_view')

Take a look at this docsfor more details on how to use this:

有关如何使用它的更多详细信息，请查看此文档：

If you are using Django 1.9+, you should be able to use PermissionRequiredMixin: https://docs.djangoproject.com/en/1.9/topics/auth/default/#django.contrib.auth.mixins.PermissionRequiredMixin

如果您使用的是 Django 1.9+，您应该可以使用PermissionRequiredMixin：https: //docs.djangoproject.com/en/1.9/topics/auth/default/#django.contrib.auth.mixins.PermissionRequiredMixin

For example:

例如：

from django.contrib.auth.mixins import PermissionRequiredMixin

class MainView(PermissionRequiredMixin, View):
    permission_required = 'my_services.foo_bar'
    ...

This is basically a special case of UserPassesTestMixin, designed specifically to test whether the user has the indicated permission.

这基本上是 的特例UserPassesTestMixin，专门用于测试用户是否具有指定的权限。