如何根据用户限制django-admin中的字段？ [英] How to limit fields in django-admin depending on user?

问题描述

我想这里讨论过类似的问题，但我找不到它。

I suppose similar problem would have been discussed here, but I couldn't find it.

我们假设我有一个编辑和一个主管。我希望编辑能够添加新的内容（例如新闻文章），但在发布之前必须由主管确认。

Let's suppose I have an Editor and a Supervisor. I want the Editor to be able to add new content (eg. a news post) but before publication it has to be acknowledged by Supervisor.

当编辑器列出所有项目时，我想在模型上设置一些字段（如ack字段）为只读（所以他可以知道已经被确认了什么，还有什么还在等待批准），但主管应该能够更改所有内容（list_editable将

When Editor lists all items, I want to set some fields on the models (like an 'ack' field) as read-only (so he could know what had been ack'ed and what's still waiting approval) but the Supervisor should be able to change everything (list_editable would be perfect)

这个问题的可能解决方案是什么？

What are the possible solutions to this problem?

推荐答案

我认为有一个更简单的方法可以做到这一点：

I think there is a more easy way to do that:

访客我们也有同样的问题的Blog-Post

Guest we have the same problem of Blog-Post

blog / models.py：

blog/models.py:

Class Blog(models.Model):
     ...
     #fields like autor, title, stuff..
     ...

class Post(models.Model):
     ...
     #fields like blog, title, stuff..
     ...
     approved = models.BooleanField(default=False)
     approved_by = models.ForeignKey(User) 
     class Meta:
         permissions = (
             ("can_approve_post", "Can approve post"),
         )

魔术在管理员中：

blog / admin.py ：

blog/admin.py:

...
from django.views.decorators.csrf import csrf_protect
...
def has_approval_permission(request, obj=None):
     if request.user.has_perm('blog.can_approve_post'):
         return True
     return False

Class PostAdmin(admin.ModelAdmin):
     @csrf_protect
     def changelist_view(self, request, extra_context=None):
         if not has_approval_permission(request):
             self.list_display = [...] # list of fields to show if user can't approve the post
             self.editable = [...]
         else:
             self.list_display = [...] # list of fields to show if user can approve the post
         return super(PostAdmin, self).changelist_view(request, extra_context)
     def get_form(self, request, obj=None, **kwargs):
         if not has_approval_permission(request, obj):
             self.fields = [...] # same thing
         else:
             self.fields = ['approved']
         return super(PostAdmin, self).get_form(request, obj, **kwargs)

这样你可以使用api的自定义权限，您可以覆盖保存模型的方法或获取查询集，如果您有至。在methid has_approval_permission 中，您可以定义用户何时或不能做某事的逻辑。

In this way you can use the api of custom permission in django, and you can override the methods for save the model or get the queryset if you have to. In the methid has_approval_permission you can define the logic of when the user can or can't to do something.

这篇关于如何根据用户限制django-admin中的字段？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！