Django AdminSite/ModelAdmin for end users?


Question

Not all software has the need for an admin interface for "content producers" on the left and a site for "visitors/members" on the right.

It is often said that "the Admin is not your app" (See for example the accepted answer (March 2009)).

I couldn't find such a limitation mentioned explicitly in the Django documentation. There seems to be an underlying assumption of the above - "a powerful and production-ready interface that content producers can immediately use to start adding content to the site" - but different levels of access are certainly anticipated, even mentioned in the FAQ. And what other use case is there for multiple AdminSite instances anyway?

I'm currently working on a software which is mainly a CRUD interface. Every user must be authenticated, and the only difference between admin users and customers is that the latter can only work with "their" objects (and have no access to certain models like "User" etc.). By the way, "their" in my case is not related to who created the object, but rather to which "Company" it's associated with.

Is there any compelling reason not to just stick with the admin interface, and just configure the right cocktail of permissions? Can the ModelAdmin permissions be trusted? Why not just call all logged-in users "staff"?

For traditional non-admin views I'm seeing myself re-writing what seems to already be there: a ModelForm is a nice start, but CRUD functionality and type-dependent filters (incl. date drill-down) are not readily available components. The functionality of the Admin already provides the vast majority of the features that end users need, and customization of fields/filters/templates etc. is sufficient for my needs. Obviously, where I add a new feature, e.g. the visibility of its button and access to the corresponding views need a permission check. I'm not worried about that. I'm just curious whether in a case like this the Admin functionality is properly covered by its built-in set of permissions. Any experiences with that?

UPDATE: Sorry, the main part of this question seems unclear. I'm not worried about my customizations, I'm worried about trusting the existing admin app and its implementation of permissions. See also comments to Daniel and FallenAngel.

Recommended answer

There is nothing inherently special about admin. It behaves just like any other view. So if it is using permissions to determine access (for example, if you set a user's .is_staff to True but give them access only to specific permissions) then it will be equally secure to any view you might create that uses permissions to determine access.

In the same vein, the customization you provide to a ModelAdmin is going to result in an implementation that is equally secure as anything you might write.

If you write a custom has_change_permission for your model, for example:

def has_change_permission(self, request, obj=None):
    if obj is None:  # the changelist view calls this hook without an object
        return super().has_change_permission(request, obj)
    return obj.company == request.user.get_profile().company

This is going to work. It's not going to merely hide a button; it's going to completely block this object from being edited.

The people who wrote django.contrib.admin did not write it with the assumption that anyone with an is_staff = True could be trusted as much as a superuser, or was stupid enough to never take a look at the source code of a web page. Although writing your own views is encouraged, it is still a robust interface.

See, for example, this section of the source code which raises a PermissionDenied exception if you try to access the change_view without permission to edit the actual object:

# Excerpt of ModelAdmin.change_view; these two imports are what the method relies on
# (unquote lived in django.contrib.admin.util in older releases).
from django.contrib.admin.utils import unquote
from django.core.exceptions import PermissionDenied

def change_view(self, request, object_id, extra_context=None):
    "The 'change' admin view for this model."
    model = self.model
    opts = model._meta

    obj = self.get_object(request, unquote(object_id))

    # Object-level check: a custom has_change_permission decides here, not the template.
    if not self.has_change_permission(request, obj):
        raise PermissionDenied

    # view continues...

So even if someone were to craft the correct URL to edit a given object, so long as you had correctly implemented has_change_permission the user will be denied access.
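To show how the object-level hooks above combine with queryset scoping into one per-company restriction, here is an added example (not code from the answer or from Django itself). It assumes a hypothetical user.profile.company attribute and a model with a company field, and uses constructed stand-ins for admin.ModelAdmin and the queryset so it runs without a Django project.

```python
from types import SimpleNamespace

class CompanyScopedAdminMixin:
    """Mix in before admin.ModelAdmin so the queryset and every object-level
    hook are confined to the user's company (user.profile.company assumed)."""

    def _same_company(self, request, obj):
        return request.user.is_superuser or obj.company == request.user.profile.company

    def get_queryset(self, request):
        # Changelist and get_object() both go through here, so a crafted
        # URL for another company's object simply finds nothing.
        qs = super().get_queryset(request)
        if request.user.is_superuser:
            return qs
        return qs.filter(company=request.user.profile.company)

    def has_change_permission(self, request, obj=None):
        # Model-level check first (is_staff plus the change perm); obj is
        # None on the changelist, where only the model-level answer applies.
        return (super().has_change_permission(request, obj)
                and (obj is None or self._same_company(request, obj)))

    def has_delete_permission(self, request, obj=None):
        return (super().has_delete_permission(request, obj)
                and (obj is None or self._same_company(request, obj)))

# Constructed stand-ins so this runs without a Django project: a tiny
# queryset, a base class standing in for admin.ModelAdmin, a request factory.
class FakeQuerySet(list):
    def filter(self, **kw):
        return FakeQuerySet(o for o in self if all(getattr(o, k) == v for k, v in kw.items()))

ORDERS = FakeQuerySet([SimpleNamespace(pk=1, company="acme"),
                       SimpleNamespace(pk=2, company="globex")])

class FakeModelAdmin:
    def get_queryset(self, request):
        return ORDERS
    def has_change_permission(self, request, obj=None):
        return request.user.is_staff
    has_delete_permission = has_change_permission

class OrderAdmin(CompanyScopedAdminMixin, FakeModelAdmin):
    pass

def make_request(company, staff=True, superuser=False):
    user = SimpleNamespace(is_staff=staff, is_superuser=superuser,
                           profile=SimpleNamespace(company=company))
    return SimpleNamespace(user=user)
```

In a real project the mixin is placed before admin.ModelAdmin in the class bases and the fake classes are dropped; the hooks are then called by change_view, delete_view and the changelist exactly as shown in the source excerpt above.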
