permission_required 装饰器不适合我 [英] permission_required decorator not working for me
问题描述
我无法弄清楚为什么需要权限的装饰器不起作用.我想只允许工作人员访问视图.我试过了
@permission_required('request.user.is_staff',login_url="../admin")def series_info(请求):...还有
@permission_required('user.is_staff',login_url="../admin")def series_info(请求):...作为超级用户,我可以访问该视图,但我作为员工创建的任何用户都无法访问它并被重定向到登录 url 页面.我测试了 login_required 装饰器,效果很好.
permission_required() 必须传递一个权限名称,而不是字符串中的 Python 表达式.试试这个:
从 contrib.auth.decorators 导入 user_passes_testdef staff_required(login_url=None):return user_passes_test(lambda u: u.is_staff, login_url=login_url)@staff_required(login_url="../admin")def series_info(请求)...<小时><块引用>
谢谢.这确实有效.你有一个如何使用的示例需要权限?来自文件docs.djangoproject.com/en/1.0/… 和djangobook.com/en/2.0/chapter14 我认为我应该工作.
重新阅读您发布的链接;permission_required() 将测试用户是否已被授予特定权限.它不测试用户对象的属性.
来自 http://www.djangobook.com/en/2.0/chapter14/:
def 投票(请求):如果 request.user.is_authenticated() 和 request.user.has_perm('polls.can_vote'):# 在这里投票别的:return HttpResponse("你不能在这个投票中投票.")#########def user_can_vote(用户):返回 user.is_authenticated() 和 user.has_perm("polls.can_vote")@user_passes_test(user_can_vote, login_url="/login/")def 投票(请求):# 在这里投票#########从 django.contrib.auth.decorators 导入 permission_required@permission_required('polls.can_vote', login_url="/login/")def 投票(请求):# 在这里投票I can't figure out why the permission required decorator isn't working. I would like to allow access to a view only for staff members. I have tried
@permission_required('request.user.is_staff',login_url="../admin")
def series_info(request):
...
and also
@permission_required('user.is_staff',login_url="../admin")
def series_info(request):
...
As the superuser, I can access the view, but any users I create as staff can't access it and are redirected to the login url page. I tested the login_required decorator and that works fine.
permission_required() must be passed a permission name, not a Python expression in a string. Try this instead:
from contrib.auth.decorators import user_passes_test
def staff_required(login_url=None):
return user_passes_test(lambda u: u.is_staff, login_url=login_url)
@staff_required(login_url="../admin")
def series_info(request)
...
Thanks. That does work. Do you have an example of how to use permission_required? From the documentation docs.djangoproject.com/en/1.0/… and djangobook.com/en/2.0/chapter14 I thought what I had should work.
Re-read the links you posted; permission_required() will test if a user has been granted a particular permission. It does not test the attributes of the user object.
From http://www.djangobook.com/en/2.0/chapter14/:
def vote(request):
if request.user.is_authenticated() and request.user.has_perm('polls.can_vote'):
# vote here
else:
return HttpResponse("You can't vote in this poll.")
#
#
# # #
###
#
def user_can_vote(user):
return user.is_authenticated() and user.has_perm("polls.can_vote")
@user_passes_test(user_can_vote, login_url="/login/")
def vote(request):
# vote here
#
#
# # #
###
#
from django.contrib.auth.decorators import permission_required
@permission_required('polls.can_vote', login_url="/login/")
def vote(request):
# vote here
这篇关于permission_required 装饰器不适合我的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
