我不想在我的Django项目中拥有多个AdminSite,我不想让每个用户都只是为了查看和编辑应用程序的模型而拥有超级用户角色。
这是我项目的布局:
> djangoApp
> djangoApp
- settings.py
- etc...
> AAA
- admin.py
- urls.py
- etc..
> BBB
- admin.py
- urls.py
- etc..
> CCC
- admin.py
- urls.py
- etc..
> ressources
- models.py
- etc..
> core
- admin.py
- auth.py
- models.py
- views.py
这是BBB的admin.py(我为每个AdminSite使用不同的数据库):
from django.contrib import admin
from django.contrib.admin import AdminSite, site
from core.admin import UserAuthenticationForm
from ressources.models import Adresse
class BBBAdminSite(AdminSite):
site_header = 'BBB admin'
login_form = UserAuthenticationForm
login_template = "core/login.html"
def has_permission(self,request):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
class AdminModel(admin.ModelAdmin):
using = 'DATABASE_NAME'
def has_add_permission(self, request):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
def has_change_permission(self, request, obj=None):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
def has_delete_permission(self, request, obj=None):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
def save_model(self, request, obj, form, change):
user = request.user
obj.account_id = user.account_id
obj.save(using=self.using)
def delete_model(self, request, obj):
obj.delete(using=self.using)
def get_queryset(self, request):
return super(AdminModel, self).get_queryset(request).using(self.using)
def formfield_for_foreignkey(self, db_field, request=None, **kwargs):
return super(AdminModel, self).formfield_for_foreignkey(db_field, request=request, using=self.using, **kwargs)
def formfield_for_manytomany(self, db_field, request=None, **kwargs):
return super(AdminModel, self).formfield_for_manytomany(db_field, request=request, using=self.using, **kwargs)
bbbAdmin = BBBAdminSite(name='bbbAdmin')
bbbAdmin.register(Adresse, AdminModel) ### The user can see this in the admin dashboard only if he is superuser
以下是相同应用的urls.py:
from django.contrib import admin
from django.urls import include, path, re_path
from BBB.admin import bbbAdmin
urlpatterns = [
path('', bbbAdmin.urls),
]
我使用不同的AuthBackend来验证我的用户:
芯/ auth.py:
from django.conf import settings
from django.contrib.auth.hashers import check_password
from .models import User
class AuthBackend(object):
def has_perm(self, user_obj, perm, obj=None):
if(obj != None):
return (obj.account_id == user_obj.account_id)
return False
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
def authenticate(username=None, password=None, account_id=None):
try:
user = User.objects.get(username=username, account_id=account_id)
except User.DoesNotExist:
return None
pwd_valid = check_password(password, user.password)
if pwd_valid:
return user
else:
return None
我在settings.py中注册了AuthBackend:
AUTHENTICATION_BACKENDS = ('core.auth.AuthBackend',)
我尝试将其更改为:
AUTHENTICATION_BACKENDS = ('core.auth.AuthBackend', 'django.contrib.auth.backends.ModelBackend',)
但它给了我错误
您配置了多个身份验证后端,因此必须提供
backend参数或在用户上设置backend属性。
我试图将用户置于具有所有权限的组中,但在登录时仍显示“您无权编辑任何内容”。 用户将is_staff设置为True
答案 0 :(得分:1)
我找到了解决方案。 我忘了添加方法" has_module_permission"到我的AdminModel
BBB / admin.py
class AdminModel(Admin.ModelAdmin):
[...]
def has_module_permission(self,request):
return True
[...]