Django应用程序用于用户/帐户设置
-
15-11-2019 - |
题
我准备开发一个项目,我正在映射我可以使用的东西。该项目需要不同的基于组/用户的模型和对象权限和设置。
我知道我可以使用django-objectpermissions(https://github.com/washingtontimes/django-objecturemisions)和djangos自己的模型权限。但是有一些情况,当你真的需要设置对象/模型权限时,而是一个设置 - 这个帐户/用户可以做一些与某些对象或模型无关的东西。有人为此开发了应用程序吗?或者人们在有这么需要时采取什么样的方法?也许创建虚拟Django模型,让Djangos模型权限处理其余的?
我也知道,这做了类似 - https://github.com/danielroseman/django- dbsettings 。但是当我通过代码撇去我的印象时,这些设置都是基于用户的 - 我还需要基于组的设置。
编辑:人员继续为我提供权限应用程序。我正在寻找的不是权限应用,但设置应用程序。这些设置/权限与任何对象无关。
基本上。在我的项目中,我需要回答问题 - 这个用户可以看到/做这个东西吗? “事情”很可能是一个观点。所以一个答案几乎有效。但是,在视图下检查我的检查,不是用户是否具有某些型号/对象的权限。它宁愿,如果用户已打开此设置,则如果用户组的此设置已打开。
alan
解决方案
You're probably going to need to create your own system for this. It shouldn't be very difficult.
class Setting(models.Model):
name = models.CharField(..)
value = models.CharField(..)
users = models.ManyToManyField(User)
groups = models.ManyToManyField(Group)
@classmethod
def has_setting(cls, name, user):
user_settings = cls.objects.filter(name=name, users__in=[user]).count()
group_settings = cls.objects.filter(name=name, groups__in=user.groups.all()).count()
return user_settings or group_settings
@classmethod
def get_settings(cls, name, user, priority=User):
user_settings = list(cls.objects.filter(name=name, users__in=[user]))
group_settings = list(cls.objects.filter(name=name, groups__in=user.groups.all()))
if user_settings and not group_settings:
return user_settings
elif group_settings and not user_settings:
return group_settings
else:
return (group_settings, user_settings)[priority==User]
Then you can do something like this in your views:
def display_frob(request):
if Setting.has_setting('display_frob', request.user):
settings = Setting.get_setting('display_from', request.user, priority=Group)
values = [setting.value for setting in settings]
# if the User was in many groups, we now have a list of values, for the setting
# `display_frob`, that aligns with each of those groups
You can easy build a decorator which will do the check, and provide a list (or a single item) of values to the view.
其他提示
For permissions for "actions" (where an action is typically implemented by a view) I commonly use decorators.
The user_passes_test decorator is great for this kind of purpose.
You could create user permissions not linked to models.
Maybe this is what you looking for : django-guardian