How to handle multiple user types in Django


Problem description

I'm trying to make a small website which has three types of users ["client" , "volunteer" , "coordinator"]. Each type of user has restrictions on what views it can access. All three users have different login pages.

Approach 1 : To achieve this, I've added a key, category, to the session, assigned one of the above given userTypes during login and, whenever a view is called, check whether that user can access that view.

login.html:

{% extends "base.html" %}
{% block content %}

{% if form.errors %}
    <p class="error"> Sorry , invalid</p>
{% endif %}

    <form action="/login_volunteer/authenticate/" method="post">{% csrf_token %}
    <label for="username"> Username : </label>
    <input type="text" name="username" value="" id="username">
    <label for="password"> Password : </label>
    <input type="password" name="password" value="" id="password">
    <input type="hidden" name="category" value="volunteer" id="category">
    <input type="submit" value="login" />
    </form>

{% endblock %}

view.py:

from django.http import HttpResponse

def hello(request):
    name = "abhishek"
    # No session key means there is no active session for this request.
    if request.session.session_key is None:
        html = '<html><body>Session is expired</body></html>'
        return HttpResponse(html)
    try:
        # The category is read from the submitted form data (the hidden input).
        if not request.POST.get('category') == 'volunteer':
            html = '<html><body>You are Not allowed here</body></html>'
            return HttpResponse(html)
    except:
        print("error")
    html = '<html><body>Hi this is awesome</body></html>'
    return HttpResponse(html)

Approach 2 : I thought I could create a custom User class rather than just using the default User provided by Django and assign the CustomUser to the request.user during login. Then when the view is called, I check is_Client or is_Volunteer.

customUser.py:

from django.db import models
from django.contrib.auth.models import AbstractBaseUser

class VolunteerUser(AbstractBaseUser):
    """
    Custom user class.
    """
    email = models.EmailField('email address', unique=True, db_index=True)
    joined = models.DateTimeField(auto_now_add=True)
    is_active = models.BooleanField(default=True)
    is_volunteer = models.BooleanField(default=False)

class ClientUser(AbstractBaseUser):
    """
    Custom user class.
    """
    email = models.EmailField('email address', unique=True, db_index=True)
    joined = models.DateTimeField(auto_now_add=True)
    is_active = models.BooleanField(default=True)
    is_Client = models.BooleanField(default=False)

So my question is, which of these approaches is the best way to accomplish the task at hand? Is there any other method that solves this?

I'm also concerned about security and I feel that the first method is more insecure than the second.

Recommended answer

The better approach for achieving your requirement is to use the inbuilt Group and Permissions model in Django. But since Permissions can be a little tricky, an alternative approach is to create a UserProfile model like below:

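from django.db import models
from django.contrib.auth.models import User

class UserProfile(models.Model):
    # Links the profile to the built-in User it describes.
    user = models.ForeignKey(User)
    # One of 'client', 'volunteer' or 'coordinator'.
    type = models.CharField(max_length=15)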

Then use decorators for controlling access to the views like this:

from django.contrib.auth.decorators import user_passes_test

# The test runs against the logged-in user's stored profile on every request.
@user_passes_test(lambda u: u.get_profile().type == 'client')
def view_for_client(request):
    ...

The UserProfile model will also be useful to save all of the preferences of your user. Also you would need to set the following setting:

AUTH_PROFILE_MODULE = 'accounts.UserProfile'
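
The difference between Approach 1's check on the submitted category field and a check against server-side profile data, as an added example that is not part of the original question or answer. It uses plain-Python stand-ins instead of Django so it runs on its own; Request, PROFILES, require_type, the sample users and the integer status codes are hypothetical names and values constructed for illustration.

```python
from functools import wraps

# Constructed server-side data, playing the role of the UserProfile table.
PROFILES = {"alice": "client", "bob": "volunteer"}


class Request:
    """Hypothetical stand-in for HttpRequest: an authenticated user plus POST data."""
    def __init__(self, username=None, post=None):
        self.username = username      # set by the server after authentication
        self.POST = post or {}        # sent by the browser, fully client-controlled


def hello_trusting_post(request):
    """Approach 1 as posted: the decision rests on a field the browser sends."""
    if request.POST.get("category") != "volunteer":
        return 403
    return 200


def require_type(*allowed):
    """Decorator in the spirit of user_passes_test: the type comes from server state."""
    def decorator(view):
        @wraps(view)
        def wrapped(request, *args, **kwargs):
            user_type = PROFILES.get(request.username)  # None for anonymous/unknown
            if user_type not in allowed:
                return 403
            return view(request, *args, **kwargs)
        return wrapped
    return decorator


@require_type("volunteer")
def hello_checked(request):
    return 200


# Constructed request: a logged-in client whose form carries category=volunteer.
forged = Request(username="alice", post={"category": "volunteer"})
# Constructed request: a genuine volunteer sending no category field at all.
genuine = Request(username="bob")
```

The first view admits the client and rejects the real volunteer, because its only input is the hidden form field; the decorated view decides from the stored profile and ignores what the form says.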
