djangoApp > djan-6ren">
gpt4 book ai didi

django - "you don' 如果用户不是 super 用户,则无权编辑自定义 AdminSite 上的任何内容

转载 作者:行者123 更新时间:2023-12-02 03:38:59 26 4
gpt4 key购买 nike

我不想在我的 Django 项目上有多个 AdminSite,我不想给每个用户 super 用户角色只是为了查看和编辑应用程序的模型。

这是我的项目布局:

> djangoApp
> djangoApp
- settings.py
- etc...
> AAA
- admin.py
- urls.py
- etc..
> BBB
- admin.py
- urls.py
- etc..
> CCC
- admin.py
- urls.py
- etc..
> ressources
- models.py
- etc..
> core
- admin.py
- auth.py
- models.py
- views.py

这里是BBB的admin.py(我为每个AdminSite使用了不同的数据库):

from django.contrib import admin
from django.contrib.admin import AdminSite, site
from core.admin import UserAuthenticationForm
from ressources.models import Adresse


class BBBAdminSite(AdminSite):
site_header = 'BBB admin'

login_form = UserAuthenticationForm
login_template = "core/login.html"

def has_permission(self,request):

user = request.user

return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)

class AdminModel(admin.ModelAdmin):

using = 'DATABASE_NAME'

def has_add_permission(self, request):

user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)

def has_change_permission(self, request, obj=None):

user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)

def has_delete_permission(self, request, obj=None):

user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)

def save_model(self, request, obj, form, change):
user = request.user
obj.account_id = user.account_id
obj.save(using=self.using)

def delete_model(self, request, obj):
obj.delete(using=self.using)

def get_queryset(self, request):
return super(AdminModel, self).get_queryset(request).using(self.using)

def formfield_for_foreignkey(self, db_field, request=None, **kwargs):
return super(AdminModel, self).formfield_for_foreignkey(db_field, request=request, using=self.using, **kwargs)

def formfield_for_manytomany(self, db_field, request=None, **kwargs):
return super(AdminModel, self).formfield_for_manytomany(db_field, request=request, using=self.using, **kwargs)

bbbAdmin = BBBAdminSite(name='bbbAdmin')


bbbAdmin.register(Adresse, AdminModel) ### The user can see this in the admin dashboard only if he is superuser

这是同一个应用程序的 urls.py:

from django.contrib import admin
from django.urls import include, path, re_path
from BBB.admin import bbbAdmin


urlpatterns = [
path('', bbbAdmin.urls),
]

我使用不同的 AuthBackend 来验证我的用户:

核心/auth.py:

from django.conf import settings
from django.contrib.auth.hashers import check_password
from .models import User

class AuthBackend(object):

def has_perm(self, user_obj, perm, obj=None):
if(obj != None):
return (obj.account_id == user_obj.account_id)
return False

def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None

def authenticate(username=None, password=None, account_id=None):

try:
user = User.objects.get(username=username, account_id=account_id)
except User.DoesNotExist:
return None

pwd_valid = check_password(password, user.password)

if pwd_valid:
return user
else:
return None

我已经在我的 settings.py 中注册了 AuthBackend:

AUTHENTICATION_BACKENDS = ('core.auth.AuthBackend',)

我尝试将其更改为:

AUTHENTICATION_BACKENDS = ('core.auth.AuthBackend', 'django.contrib.auth.backends.ModelBackend',)

但它给了我错误

You have multiple authentication backends configured and therefore must provide the backend argument or set the backend attribute on the user.

我试过把用户放到一个拥有所有权限的组中,但是当他登录时它仍然显示“你没有权限编辑任何东西”。用户将 is_staff 设置为 True

最佳答案

我找到了解决方案。我忘了将方法“has_module_permission”添加到我的 AdminModel

BBB/admin.py

class AdminModel(Admin.ModelAdmin):

[...]

def has_module_permission(self,request):
return True

[...]

关于django - "you don' 如果用户不是 super 用户,则无权编辑自定义 AdminSite 上的任何内容,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49279758/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com