Django Admin,自定义权限复选框

时间:2014-10-30 12:10:30

标签: python django permissions

请帮帮我。我被困在我的django项目中的一个地方,以便由教师生成问卷。我实现了自己的UserAdmin模型,尽管是is_staff,is_superuser字段,但我有自己的布尔字段" is_teacher"。在创建新用户时,如果" is_teacher"框已勾选,我想授予该用户管理整个问卷调查模型的权限,但删除管理MyUser模型的权限(创建,更改和删除用户)

这就是我实施的所有内容:

在models.py

class MyUserManager(BaseUserManager):
    def create_user(self, username, email=None, password=None):
        if not username:
            raise ValueError('The given username must be set')
        email = MyUserManager.normalize_email(email)
        user = self.model(username=username, email=email, is_staff=True, is_active=True, is_superuser=False, is_teacher=True)

        user.set_password(password)
        user.save(using=self._db)
        return user

    def create_superuser(self, username, email, password):
        u = self.create_user(username, email, password)
        u.is_staff = True
        u.is_active = True
        u.is_superuser = True
        u.is_teacher = True
        u.save(using=self._db)
        return u


class MyUser(AbstractBaseUser):
    username = models.CharField(max_length=30, unique=True)
    email = models.EmailField(blank=True)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=True)
    is_superuser = models.BooleanField(default=False)
    is_teacher = models.BooleanField(default=True)

    objects = MyUserManager()

    USERNAME_FIELD = 'username'
    REQUIRED_FIELDS = ['email']

    def get_full_name(self):
        return self.username

    def get_short_name(self):
        return self.username

    def __unicode__(self):
        return self.username

    def has_perm(self, perm, obj=None):
        return True

    def has_module_perms(self, module):
        return True

在admin.py中

class UserCreationForm(forms.ModelForm):
    """
    A form that creates a user, with no privileges, from the given username and
    password.
    """
    error_messages = {
        'password_mismatch': "The two password fields didn't match.",
    }
    password1 = forms.CharField(label="Password",
        widget=forms.PasswordInput)
    password2 = forms.CharField(label="Password confirmation",
        widget=forms.PasswordInput)

    class Meta:
        model = MyUser
        fields = ("username",)

    def clean_password2(self):
        password1 = self.cleaned_data.get("password1")
        password2 = self.cleaned_data.get("password2")
        if password1 and password2 and password1 != password2:
            raise forms.ValidationError(
                self.error_messages['password_mismatch'],
                code='password_mismatch',
            )
        return password2

    def save(self, commit=True):
        user = super(UserCreationForm, self).save(commit=False)
        user.set_password(self.cleaned_data["password1"])
        if commit:
            user.save()
        return user


class UserChangeForm(forms.ModelForm):
    password = ReadOnlyPasswordHashField(label="Password")

    class Meta:
        model = MyUser
        fields = ('username', 'password', 'email', 'is_active', 'is_staff', 'is_superuser', 'is_teacher')

    def clean_password(self):
        # Regardless of what the user provides, return the initial value.
        # This is done here, rather than on the field, because the
        # field does not have access to the initial value
        return self.initial["password"]


class MyUserAdmin(UserAdmin):
    form = UserChangeForm
    add_form = UserCreationForm

    list_display = ('username', 'email', 'is_teacher')
    list_filter = ('is_staff', 'is_superuser', 'is_active')
    fieldsets = (
        (None, {'fields': ('username', 'password')}),
        ('Personal info', {'fields': ('email',)}),
        ('Permissions', {'fields': ('is_superuser', 'is_teacher',)}),
    )

    add_fieldsets = (
        (None, {
            'classes': ('wide',),
            'fields': ('username', 'email', 'password1', 'password2')}
        ),
    )


    search_fields = ('username', 'email')
    ordering = ('username',)
    filter_horizontal = ()

1 个答案:

答案 0 :(得分:1)

有两种方法可以做到这一点。一种是手动添加权限。您应该在MyUserAdmin类中执行此操作,覆盖默认的save方法。像这样:

def save_model(self, request, obj, form, change):
    # ADD THE PERMISSIONS HERE LIKE SO:

    obj.save()
    if obj.is_teacher:
        # This is just an example of a permission you can add
        obj.user_permissions.add('questionaires_questionire_change', '......')
    else:
        # Remove the permissions in case a user was demoted from teacher status
        obj.user_permissions.remove('questionaires_questionire_change', '......')

现在,这样做的另一种方式,我认为更好(因为它不依赖于保存用户模型,并且您可以在将来更改而无需运行所有用户更新权限):

您可以在其模型管理中覆盖调查表和其他所需模型的has_change_permission,has_add_permission和has_delete_permission。这是您的问卷调查模型的示例(此处仅显示更改权限):

https://docs.djangoproject.com/en/dev/ref/contrib/admin/#django.contrib.admin.ModelAdmin.has_change_permission

class QuestionnaireAdmin(admin.ModelAdmin):
    def has_change_permission(self, request, obj=None):
        if request.user.is_teacher:
            return True
        # If a user is not a teacher, let Django evaluate their specific permissions (a superusuer will always have permission if you do it this way)
        return super(QuestionnaireAdmin, self).has_change_permission(request, obj=None)