Python: How do I use Django groups and permissions?

Notice: this page is a Chinese-English side-by-side translation of a popular Stack Overflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original Stack Overflow URL: http://stackoverflow.com/questions/4778685/

Time: 2020-08-18 17:28:38  Source: igfitidea

How do I use Django groups and permissions?

python django django-permissions

Asked by TIMEX

I understand the basic user stuff. I know authentication, login, creating accounts, etc. But now I want to work on groups and permissions.

Where is the documentation for Django groups/permissions? This is not it: http://docs.djangoproject.com/en/dev/topics/auth/

Accepted answer by Alex Kuhl

I suppose the first question you need to ask is what permissions you need and what sort. By what sort, I mean do you want Model- or Object-level. To clarify the difference, say you have a model Car. If you want to give permissions on all cars, then Model-level is appropriate, but if you want to give permissions on a per-car basis you want Object-level. You may need both, and this isn't a problem as we'll see.

For Model permissions, Django handles these for you... mostly. For each model Django will create permissions in the form 'appname.permissionname_modelname'. If you have an app called 'drivers' with the Car model then one permission would be 'drivers.delete_car'. The permissions that Django automatically creates will be create, change, and delete. For some strange reason they decided not to include read permissions from CRUD; you will have to do this yourself. Note that Django decided to change CRUD's 'update' to 'change' for some reason. To add more permissions to a model, say read permissions, you use the Meta class:

from django.db import models

class Car( models.Model ):
    # model stuff here
    class Meta:
        # extra permissions as ( codename, human-readable description ) pairs
        permissions = (
            ( "read_car", "Can read Car" ),
        )

Note that permissions is a set of tuples, where the tuple items are the permission as described above and a description of that permission. You don't have to follow the permname_modelname convention but I usually stick with it.

Finally, to check permissions, you can use has_perm:

obj.has_perm( 'drivers.read_car' )

Where obj is either a User or Group instance. I think it is simpler to write a function for this:

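def has_model_permissions( entity, model, perms, app ):
    # _meta.model_name (Django 1.6+) is the lowercase model name used in
    # permission codenames ('car'); it works for a model class or an instance,
    # whereas model.__name__ fails on an instance and yields 'Car' on a class.
    model_name = model._meta.model_name
    for p in perms:
        if not entity.has_perm( "%s.%s_%s" % ( app, p, model_name ) ):
            return False
    return True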

Where entity is the object to check permissions on (Group or User), model is the instance of a model, perms is a list of permissions as strings to check (e.g. ['read', 'change']), and app is the application name as a string. To do the same check as has_perm above you'd call something like this:

result = has_model_permissions( myuser, mycar, ['read'], 'drivers' )

If you need to use object or row permissions (they mean the same thing), then Django can't really help you by itself. The nice thing is that you can use both model and object permissions side-by-side. If you want object permissions you'll have to either write your own (if using 1.2+) or find a project someone else has written; one I like is django-objectpermissions from washingtontimes.
