如何使用Django组和权限？ [英] How do I use Django groups and permissions?

问题描述

我了解基本用户的东西。我知道身份验证，登录，创建帐户等，但现在我想要处理组和权限。

I understand the basic user stuff. I know authentication, login, creating accounts, etc. But now I want to work on groups and permissions.

django组/权限的文档在哪里？这不是它： http://docs.djangoproject.com/en/dev/topics/auth/

Where is the documentation for django groups/permissions? This is not it: http://docs.djangoproject.com/en/dev/topics/auth/

推荐答案

我想你需要问的第一个问题是你需要什么权限，什么样的。我的意思是说，你想要模型或对象级别。澄清的区别就是你有一辆车型。如果要授予所有汽车的权限，那么模型级别是合适的，但是如果您希望以每车为基础授予权限，则需要对象级别。你可能需要两个，这不是一个问题，我们将看到。

I suppose the first question you need to ask are what permissions do you need and what sort. By what sort, I mean do you want Model- or Object-level. To clarify the difference say you have a model Car. If you want to give permissions on all cars, then Model-level is appropriate, but if you want to give permissions on a per-car basis you want Object-level. You may need both, and this isn't a problem as we'll see.

对于模型权限，Django主要处理这些。对于每个模型，Django将以appname.permissionname_modelname的形式创建权限。如果你有一个名为'drivers'的应用程序与汽车模型，那么一个权限将是'drivers.delete_car'。 Django自动创建的权限将创建，更改和删除。由于某些奇怪的原因，他们决定不将CRUD的读取权限纳入其中，您将不得不自己做这件事。请注意，Django由于某种原因决定将CRUD的更新更改为更改。要向模型添加更多权限，请阅读权限，您可以使用Meta类：

For Model permissions, Django handles these for you... mostly. For each model Django will create permissions in the form 'appname.permissionname_modelname'. If you have an app called 'drivers' with the Car model then one permission would be 'drivers.delete_car'. The permissions that Django automatically creates will be create, change, and delete. For some strange reason they decided not to include read permissions from CRUD, you will have to do this yourself. Note that Django decided to change CRUD's 'update' to 'change' for some reason. To add more permissions to a model, say read permissions, you use the Meta class:

class Car( models.Model ):
    # model stuff here
    class Meta:
        permissions = ( 
            ( "read_car", "Can read Car" ),
        )

请注意，权限是一组元组，其中元组项是上述权限和该权限的描述。您不必遵循permname_modelname约定，但我通常会坚持使用它。

Note that permissions is a set of tuples, where the tuple items are the permission as described above and a description of that permission. You don't have to follow the permname_modelname convention but I usually stick with it.

最后，要查看权限，可以使用has_perm：

Finally, to check permissions, you can use has_perm:

obj.has_perm( 'drivers.read_car' )

其中obj是用户或组实例。我觉得写一个函数更简单：

Where obj is either a User or Group instance. I think it is simpler to write a function for this:

def has_model_permissions( entity, model, perms, app ):
    for p in perms:
        if not entity.has_perm( "%s.%s_%s" % ( app, p, model.__name__ ) ):
            return False
        return True

其中实体是检查（组或用户）权限的对象，模型是model，perms是作为要检查的字符串的权限列表（例如['read'，'change']），app是应用程序名称作为字符串。要像上面的has_perm做同样的检查，你可以这样称呼：

Where entity is the object to check permissions on (Group or User), model is the instance of a model, perms is a list of permissions as strings to check (e.g. ['read', 'change']), and app is the application name as a string. To do the same check as has_perm above you'd call something like this:

result = has_model_permissions( myuser, mycar, ['read'], 'drivers' )

如果你需要使用对象或行权限（他们的意思是同样的事情），那么Django本身不能真正地帮助你。好的是，您可以同时使用模型和对象权限。如果您需要对象权限，则必须编写自己的（如果使用1.2+）或找到项目某人其他已经写过，我喜欢的是来自washingtontimes的 django-objectpermissions 。

If you need to use object or row permissions (they mean the same thing), then Django can't really help you by itself. The nice thing is that you can use both model and object permissions side-by-side. If you want object permissions you'll have to either write your own (if using 1.2+) or find a project someone else has written, one I like is django-objectpermissions from washingtontimes.

这篇关于如何使用Django组和权限？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！