在Flask-Admin中隐藏字段取决于登录用户？ [英] Hiding fields in Flask-Admin depending on logged in user?

问题描述

我的Flask应用程序中有 Users 和 Roles ，感谢Flask-Security。

对于某些角色，我想隐藏由Flask-Admin创建的表单中的特定字段。

我知道使用eg 。 form_create_rules =（'title'，'file'）但是在实例化一个ModelView时，不能访问当前请求，所以 current_user.has_role（USER_ROLE ）不能被调用。

有没有其他的方法可以实现这个功能？

解决方案

实现此目的的一种方法是创建多个视图类，并针对其适当的角色注册这些视图类。有关如何将角色注册到视图，请参阅此回答。例如，假设我们有一个实现了Flask-Security混合的用户表，我们希望这个用户表角色管理员能够读取/设置活动字段和任何角色用户不看这个字段。

 类AdminUserView（）类中定义了类 AdminView  AdminView）：
 $ b column_list = ['first_name'，'last_name'，'email'，'roles'，'active'] 
 
 form_columns = ['first_name'，' last_name'，'email'，'active'，'roles'] 
 
＃其他常见功能
 
 User UserView（AdminUserView）：
 
 ＃只是重新定义可以看到/编辑的列
 
 column_list = ['first_name'，'last_name'，'email'，'roles'] 
 
 form_columns = [' first_name'，'last_name'，'email'，'roles'] 
 
＃注册您的视图，记得设置一个独特的端点，因为我们在多个视图中使用相同的模型
 
 admin.add_view（AdminUserView（model = User，session = db.session，category =Accounts，name =Users，endpoint =users_admin，roles_accepted = [admin]））
 admin .add_view（用户视图（模型=用户，session = db.session，category =Accounts，name =Users，endpoint =users_user，roles_accepted = [user]））
  

I have Users and Roles in my Flask app thanks to Flask-Security.

For some roles I would like to hide certain fields in the forms created by Flask-Admin.

I know about customizing ModelViews with eg. form_create_rules = ('title', 'file') but while instantiating a ModelView there isn't access to the current request so current_user.has_role(USER_ROLE) can't be called.

Is there any other way to achieve this?

解决方案

One way of achieving this is to create multiple view classes and register these view classes against their appropriate roles. See this answer on how to register roles to views. Using view inheritance you can keep common functionality in the "base" class.

For example, suppose we have a user table that implements the Flask-Security mixin and we want the role "admin" to be able to read/set the active field and anyone with the role "user" not to see this field. The class AdminView is defined in the referenced answer.

class AdminUserView(AdminView):

    column_list = ['first_name', 'last_name', 'email', 'roles', 'active']

    form_columns = ['first_name', 'last_name', 'email', 'active', 'roles']

    # Other common functionality here

class UserView(AdminUserView): 

    # Just redefine the columns that can be seen/edited

    column_list = ['first_name', 'last_name', 'email', 'roles']

    form_columns = ['first_name', 'last_name', 'email', 'roles']

# register your views and remember to set a unique endpoint as we are using the same model in multiple views

admin.add_view(AdminUserView(model=User, session=db.session, category="Accounts", name="Users", endpoint="users_admin", roles_accepted=["admin"]))
admin.add_view(UserView(model=User, session=db.session, category="Accounts", name="Users", endpoint="users_user", roles_accepted=["user"]))

这篇关于在Flask-Admin中隐藏字段取决于登录用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！