Django权限,代码自己或使用应用程序? [英] Django permissions, code ourselves or use app?
问题描述
这个问题是(我认为)Django中的对象/行级权限。
我们正在建立一个社区,需要能够根据操作设置权限用户采取。例如,您不应该能够发布线程,直到您发布了如此多的答案。
此外,用户应该能够删除属于他们自己。基于Django文档,标准框架似乎不支持实例的权限。
我们应该建立Django提供的空API,还是应该使用这样的应用程序像django-guardian,django规则等?
谢谢!
blockquote>
你应该不能启动一个线程,直到你发布如此多的答案。
您不需要为此使用每个对象的权限。其实你根本不需要使用权限。只需检查用户是否符合您的意见要求。
或者您也可以使用标准的django权限引擎。创建权限,如开始线程,然后设置信号跟踪用户何时添加答案。当发出单词时,请检查用户是否有足够的答案,并授予他开始线程权限。
您可以决定哪一个更适合您。
此外,用户应该能够删除属于自己的内容。
这可以通过每个对象的权限来完成。但是,如果这是使用它们的唯一理由,那么我只需要向模型添加一个字段 author ,并使用一个简单的 item.author == request .user 检查以测试用户是否可以删除该项。
所以,我的一般建议是保持简单。分析您的需求每个对象的权限是一个强大的工具,可能会在您的情况下过度使用。
This question is (I think) about object/row level permissions in Django.
We are building a community and need to be able to set permissions based on actions that users take. For example, you should not be able to start a thread until you have posted so and so many answers.
Also, the users should be able to remove content that belongs to themselves. Based on the Django documentation, it seems like the standard framework does not support permissions for instances.
Should we build on the "empty" API that Django supplies, or should we use an app for this like django-guardian, django-rules, etc? Which ones would you in that case recommend?
Thank you!
you should not be able to start a thread until you have posted so and so many answers.
You don't need to use per-object permissions for that. Actually, you don't need to use permissions for that at all. Just check if user meets the requirements in your views.
Or you can use standard django permissions engine. Create permissions like "Start a Thread", then set up signals to track when users add answers. When singal is emitted check if a user has enough answers and grant him the "Start a Thread" permission.
It's up to you to decide which one works better for you.
Also, the users should be able to remove content that belongs to themselves.
This can be done with per-object permissions. But if it's the only reason to use them then I'd just add a field author to your models and use a simple item.author == request.user check to test if user can delete the item.
So, my general advice is to keep it simple. Analyze your needs. Per-object permissions is a powerful tool which may be an overkill in your situation.
这篇关于Django权限,代码自己或使用应用程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
