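Add object-specific permissions for a particular user/group, all authenticated users, or anonymous users
Detailed description of the django-object-permission Python project
django-object-permission applies object permission functionality to Django models
Installation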
sudo pip install django-object-permission
or:
sudo pip install git+git://github.com/lambdalisue/django-object-permission.git#egg=django-object-permission
How to use
- Append 'object_permission' to INSTALLED_APPS
- Append 'object_permission.backends.ObjectPermBackend' to AUTHENTICATION_BACKENDS
- Add 'ophandler.py' to your app directory, like 'admin.py'
- Write a model-specific ObjectPermHandler and register it with object_permission.site
See object_permission_test for more details. If you want to see the old-style approach, see README_old.rst or object_permission_test_deprecated
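The first two steps above as a settings.py fragment (an added example, not part of the project's README). It assumes users log in through Django's stock ModelBackend and that the application is named 'blog', as in the permission names used further down; the OBJECT_PERMISSION_* values simply repeat the defaults documented under Settings.

```python
# settings.py (fragment): added example, not from the project's README

INSTALLED_APPS = [
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'object_permission',  # step 1
    'blog',               # assumption: the app holding models.py and ophandler.py
]

# Step 2. Defining AUTHENTICATION_BACKENDS replaces Django's default list
# instead of extending it, so ModelBackend is listed explicitly: it keeps
# username/password login and model-level permissions working, while
# ObjectPermBackend is the backend consulted for per-object checks.
AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',
    'object_permission.backends.ObjectPermBackend',
]

# Documented defaults, written out so the access-control configuration is
# visible in code review rather than implicit.
OBJECT_PERMISSION_AUTODISCOVER = True
OBJECT_PERMISSION_HANDLER_MODULE_NAME = 'ophandler'
OBJECT_PERMISSION_EXTRA_DEFAULT_PERMISSIONS = ['view']
```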
Example mini blog application
models.py:

    from django.db import models
    from django.contrib.auth.models import User

    # django-author: adds an 'author' field that is updated automatically
    from author.decorators import with_author


    @with_author
    class Entry(models.Model):
        PUB_STATES = (
            ('public', 'public entry'),
            ('protected', 'login required'),
            ('private', 'secret entry'),
        )
        # CharField requires max_length; 10 fits the longest state key
        pub_state = models.CharField('publish status', max_length=10,
                                     choices=PUB_STATES)
        title = models.CharField('title', max_length=140)
        body = models.TextField('body')
        # ...

ophandler.py:

    from object_permission import site
    # AuthorObjectPermHandler needs 'django-observer' and requires an 'author'
    # field (the author field is added automatically by the 'with_author'
    # decorator)
    from object_permission.handlers import ObjectPermHandler

    from .models import Entry


    class EntryObjectPermHandler(ObjectPermHandler):
        """ObjectPermHandler for a model which has an author field

        This handler grants:

            1. Manager permission to the instance author
            2. Viewer permission to authenticated users
            3. Viewer permission to anonymous users if reject_anonymous is False
        """
        author_field = 'author'
        reject_anonymous = False

        def get_author(self):
            """Get the author field value"""
            return getattr(self.instance, self.author_field)

        def setup(self):
            # watch the author field
            self.watch(self.author_field)

        def updated(self, attr):
            # Author has full access
            self.manager(self.get_author())
            # Authenticated users can view
            self.viewer(None)
            if self.reject_anonymous:
                self.reject('anonymous')
            else:
                self.viewer('anonymous')


    # Register with the object_permission site, like django.contrib.admin
    site.register(Entry, EntryObjectPermHandler)

views.py:

    from django.views.generic import ListView
    from django.views.generic import DetailView
    from django.views.generic import CreateView
    from django.views.generic import UpdateView
    from django.views.generic import DeleteView
    from django.core.urlresolvers import reverse

    from object_permission.decorators import permission_required

    from .models import Entry
    from .forms import EntryForm


    class EntryListView(ListView):
        model = Entry


    class EntryDetailView(DetailView):
        model = Entry
        slug_field = 'title'

        # decorate the 'dispatch' method without method_decorator
        @permission_required('blog.view_entry')
        def dispatch(self, *args, **kwargs):
            return super(EntryDetailView, self).dispatch(*args, **kwargs)


    # You can also use the decorator as a View class decorator.
    # It then decorates the 'dispatch' method of the View automatically.
    @permission_required('blog.add_entry')
    class EntryCreateView(CreateView):
        form_class = EntryForm
        model = Entry


    @permission_required('blog.change_entry')
    class EntryUpdateView(UpdateView):
        form_class = EntryForm
        model = Entry


    @permission_required('blog.delete_entry')
    class EntryDeleteView(DeleteView):
        model = Entry

        def get_success_url(self):
            return reverse('blog-entry-list')

index.html:

    {% load object_permission_tags %}
    <html>
    <head>
        <title>django-object-permission example</title>
    </head>
    <body>
        {% pif 'blog.add_entry' of None or 'blog.change_entry' of object or 'blog.delete_entry' of object %}
            <!-- displayed only to users who have the `blog.add_entry` permission,
                 the `blog.change_entry` permission for object or
                 the `blog.delete_entry` permission for object -->
            <h2>Toolbox</h2>
            {% pif 'blog.add_entry' of object %}
                <!-- displayed only to users who have the `blog.add_entry` permission -->
                <a href="{% url 'blog-entry-create' %}">Add New Entry</a>
            {% endpif %}
            {% pif object and 'blog.change_entry' of object %}
                <!-- displayed only to users who have the `blog.change_entry` permission for object -->
                <a href="{% url 'blog-entry-update' object.pk %}">Change this entry</a>
            {% endpif %}
            {% pif object and 'blog.delete_entry' of object %}
                <!-- displayed only to users who have the `blog.delete_entry` permission for object -->
                <a href="{% url 'blog-entry-delete' object.pk %}">Delete this entry</a>
            {% endpif %}
        {% endpif %}
    </body>
    </html>

Settings
- OBJECT_PERMISSION_EXTRA_DEFAULT_PERMISSIONS
A list of extra default permissions for all models. Django contributes the 'add', 'change' and 'delete' permissions to all models by default.
Default: ['view']
- OBJECT_PERMISSION_BUILTIN_TEMPLATETAGS
If this is True, pif is added to the built-in templatetags, which means you do not need to add {% load object_permission_tags %} before using the pif tag.
Default: True
- OBJECT_PERMISSION_AUTODISCOVER
Enables the autodiscover feature. object_permission automatically searches each app for the 'ophandler' (or OBJECT_PERMISSION_HANDLER_MODULE_NAME) module and loads it.
Default: True
- OBJECT_PERMISSION_HANDLER_MODULE_NAME
The module name used to search each app for its object permission handlers.
Default: 'ophandler'
- OBJECT_PERMISSION_DEPRECATED
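If this is True, all deprecated features are loaded. You should not turn this on unless your project is too large to refactor, because the deprecated features are no longer supported and are limited.
Will be removed in version 0.5
- OBJECT_PERMISSION_MODIFY_FUNCTION (deprecated)
Sets the name of the function called when an object is saved, used to modify the object permissions for that object. The default value is modify_object_permission
- OBJECT_PERMISSION_MODIFY_M2M_FUNCTION (deprecated)
Sets the name of the function called when an object's many-to-many relations are updated, used to modify the object permissions for that object. The default value is modify_object_permission_m2m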