限制用户对Django中不同应用程序的访问 [英] Restricting User access to different apps in Django

问题描述

我的项目中有两个模型.两者都引用User类(我使用User模型来访问诸如authenticate和login_required之类的方法)

I have two models in my project. Both of which reference the User class (I used the User model to gain access to methods such as authenticate and login_required)

class Customer(models.Model):
    Customer = models.OneToOneField(User)
    CustomerID = models.CharField(max_length = 15)
    phone_regex = RegexValidator(regex = r'\d{10}', message = 'Enter your 10 digit Mobile number')
    Phone_no = models.CharField(max_length = 10,validators = [phone_regex],blank = True)
    Customer_wallet = models.IntegerField(default = 100)


class Merchants(models.Model):
    merchant = models.OneToOneField(User)
    MerchantID = models.CharField(max_length = 15)
    Storename = models.CharField(max_length = 25)

当前，任何用户(无论他是商人还是客户)都可以访问整个网站.我该怎么使用以将客户限制为/Customer URL，将商人限制为/Merchant URL?

Currently any user(regardless of him being a merchant or a customer) has access to the entire site. What do I use to restrict a customer to /Customer url and a merchant to a /Merchant url?

def check_if_merchant(user):
    try:
        user.__getattribute__('merchants')
    except AttributeError:
        return False

我尝试了user_passes_test装饰器来检查用户是否具有商家或客户属性.但它似乎会自动重定向到尚未在urls.py中设置的/accounts/Merchants等.

I tried the user_passes_test decorator to check if the user has a merchant or a customer attribute. But it seems to be automatically redirecting to /accounts/Merchants etc which hasnt been set up in urls.py.

推荐答案

user_passes_test 只是一个简单的修饰符，是的，它确实重定向至记录的URL.

user_passes_test is just a simple decorator, and yes it does redirect to the login url as documented.

现在，由于 user_passes_test 调用了您自己的测试函数，因此，如果您要返回 403 Forbidden ，则只需提高 PermissionDenied 即可返回 False :

Now since user_passes_test calls your own test function, if you want to return a 403 Forbidden instead you just have to raise PermissionDenied instead of returning False:

from django.core.exceptions import PermissionDenied, ObjectDoesNotExist

def check_if_merchant(user):
    try:
        user.merchants
    except (AttributeError, ObjectDoesNotExist):
        raise PermissionDenied
    else:
        return True

或者，您可以首先检查您是否有登录用户，如果没有，则返回False，以将未登录的用户重定向到登录页面:

Alternatively you can first check if you have a logged in user and return False if not, to redirect non logged in users to the login page:

from django.core.exceptions import PermissionDenied, ObjectDoesNotExist

def check_if_merchant(user):
    if user.is_anonymous():
        return False
    try:
        user.merchants
    except (AttributeError, ObjectDoesNotExist):
        raise PermissionDenied
    else:
        return True

这篇关于限制用户对Django中不同应用程序的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！