限制Django管理员更改权限 [英] Restricting Django Admin Change Permissions
问题描述
我正在试图限制用户群体,无法更改他们的组没有权限更改的字段。例如:
class StudentReferral(models.Model):
teacher = models.CharField(max_length = 50)
referral_first_name = models.CharField(max_length = 50)
referral_last_name = models.CharField(max_length = 50)
accepted = models.BooleanField(blank = True)
现在,老师都在一个用户组中,接受或拒绝推荐的人员在另一个用户组中。教师用户组应该只能编辑以下字段:teacher,referral_first_name和referral_last_name。另一个用户组应该只能编辑接受的字段。这两个组都应该能够看到所有的字段。
django内置有什么内容可以使这种方式成为可能吗?
覆盖 ModelAdmin.get_fieldsets ,并执行以下操作:
class MyModelAdmin(admin.ModelAdmin):
...
fieldsets =(
...#标准/所有字段
)
teacher_fieldsets =(
...#只有老师可以看到
)
def get_fieldsets(self,request,obj =没有):
如果request.user.groups.filter(name ='Teachers')。exists():
return self.teacher_fieldsets
else:
return super(MyModelAdmin,自己).get_fieldsets(request,obj = obj)
编辑 p>
对不起,我错过了一点,他们仍然可以看到所有的字段,只是不编辑它们。我原来的答案完好无损,因为它可能仍然适用于你。为此,您需要覆盖 ModelAdmin.get_readonly_fields :
class MyModelAdmin(admin.ModelAdmin):
...
readonly_fields =('teacher','referral_first_name','referral_last_name')
teacher_readonly_fields =('accepted',)
def get_readonly_fields(self,request,obj = None):
如果request.user.groups.filter(name ='Teachers')。exists():
return self.teacher_readonly_fields
else:
return super(MyModelAdmin,self).get_readonly_fields(request,obj = obj)
我在这里假设选择只是教师或其他用户。如果还有其他类型需要考虑,或者您不希望在某种情况下限制字段,则可能需要删除 readonly_fields 属性,并将其替换为 other_readonly_fields ,并相应地分支( readonly_fields 的默认值只是那些具有 editable =
此外,请注意,如果需要字段,则不能将其设为只读。如果其中的某些是必填字段,那么您还需要覆盖 ModelForm .__ init __ ,以使它们在只读的情况下不需要,哪些需要一些额外的黑客( ModelForm 无法访问请求,通常):
class MyModelForm(forms.ModelForm):
class Meta:
model = MyModel
def __init __
self.request = kwargs.pop('request')
super(MyModelForm,self).__ init __(* args,** kwargs)
如果self.request不是None:
如果self.request.user.groups.filter(name ='Teachers')。exists():
self.fields ['accepted'] .required = False
class MyModelAdmin(admin.ModelAdmin):
form = MyModelForm
...
def get_form(self,request,obj = None,* * kwargs):
ModelForm = super(MyModelAdmin,self).get_form(request,obj = o bj,** kwargs)
class WrapperModelForm(ModelForm):
def __new __(cls,* args,** kwargs):
kwargs ['request'] = request
return ModelForm(* args,** kwargs)
return WrapperModelForm
I am trying to restrict users in groups from being able to change fields their group does not have permission to change. For example:
class StudentReferral(models.Model):
teacher = models.CharField(max_length=50)
referral_first_name = models.CharField(max_length=50)
referral_last_name = models.CharField(max_length=50)
accepted = models.BooleanField(blank=True)
Now the teachers are all in one user group and the person who accepts or declines the referral is in another user group. The teacher user group should only be able to edit the following fields: teacher, referral_first_name and referral_last_name. The other user group should only be able to edit the accepted field. Both groups should be able to see all of the fields.
Is there something built into django that makes this possible or a custom way of doing this?
Override ModelAdmin.get_fieldsets, and do something like the following:
class MyModelAdmin(admin.ModelAdmin):
...
fieldsets = (
... # Standard/all fields
)
teacher_fieldsets = (
... # Only fields teachers can see
)
def get_fieldsets(self, request, obj=None):
if request.user.groups.filter(name='Teachers').exists():
return self.teacher_fieldsets
else:
return super(MyModelAdmin, self).get_fieldsets(request, obj=obj)
EDIT
Sorry, I missed the bit about they should still be able to see all fields, just not edit them. I've left the original answer intact, as it might still be of use to you. For this, though, you'll need to override ModelAdmin.get_readonly_fields:
class MyModelAdmin(admin.ModelAdmin):
...
readonly_fields = ('teacher', 'referral_first_name', 'referral_last_name')
teacher_readonly_fields = ('accepted',)
def get_readonly_fields(self, request, obj=None):
if request.user.groups.filter(name='Teachers').exists():
return self.teacher_readonly_fields
else:
return super(MyModelAdmin, self).get_readonly_fields(request, obj=obj)
I'm assuming here that the choices are only teacher or "other user". If there's other types to consider, or you don't want the fields limited at all in one circumstance, you might want to remove the readonly_fields attribute and replace it with something like other_readonly_fields, and branch accordingly (the default value for readonly_fields is only those fields that have editable=False on the model).
Also, be aware that if a field is required, you can't make it read-only as well. If some of these are required fields, you'll need to override ModelForm.__init__ as well, to make them not required in the circumstances where they will be read-only, which requires some extra hackery (ModelForm doesn't have access to request, normally):
class MyModelForm(forms.ModelForm):
class Meta:
model = MyModel
def __init__(self, *args, **kwargs):
self.request = kwargs.pop('request')
super(MyModelForm, self).__init__(*args, **kwargs)
if self.request is not None:
if self.request.user.groups.filter(name='Teachers').exists():
self.fields['accepted'].required = False
class MyModelAdmin(admin.ModelAdmin):
form = MyModelForm
...
def get_form(self, request, obj=None, **kwargs):
ModelForm = super(MyModelAdmin, self).get_form(request, obj=obj, **kwargs)
class WrapperModelForm(ModelForm):
def __new__(cls, *args, **kwargs):
kwargs['request'] = request
return ModelForm(*args, **kwargs)
return WrapperModelForm
这篇关于限制Django管理员更改权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
