I'm looking for some input on how others would architect this. I'm going to provide class (Django group) based views.
For example, a user's group will determine
There is a new very interesting project about role based permissions in Django: http://bitbucket.org/nabucosound/django-rbac
On a site for an expert on Pinot Noir wine we created per-object access based on a number of different criteria. If the inbound link had a referer field that matched the domain name of a featured winery, then the user got a 'winery token' which expanded to all articles, tasting notes, etc. related to that winery. We use 'named tokens' for giveaways at tasting events and they gave access to specific parts of the site. We even use this to grant certain types of permissions to search engine spiders and then make sure that links that come from those search engines have the same permissions as the spider did (i.e. no cloaking games).
The short version is that you can create a class (we called them TokenBuckets which hold Tokens) and each object (on a detail page, or a list page, or whatever) can ask the user's TokenBucket if a certain level of access is allowed.
Basically it's a weird kind of ACL system. It wasn't that hard to create the mechanics. All of the magic is in determining under what circumstances which tokens go into the bucket.
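A sketch of the TokenBucket idea described above, as an added example that is not part of the original post or the site's code. The access levels, scope strings, sample domain and token name are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

READ, FULL = 1, 2  # assumed access levels; the post does not name any

# Constructed sample data, not from the original site.
FEATURED_WINERIES = {"example-winery.test": "example-winery"}
NAMED_TOKENS = {"TASTING-EVENT-A": ("section:tasting-notes", FULL)}


@dataclass(frozen=True)
class Token:
    scope: str  # what the token unlocks, e.g. "winery:example-winery"
    level: int  # highest access level it grants within that scope


@dataclass
class TokenBucket:
    tokens: set = field(default_factory=set)

    def allows(self, scope, level):
        """Objects call this to ask whether the user may access them."""
        return any(t.scope == scope and t.level >= level for t in self.tokens)


def referer_host(referer):
    """Return the lower-cased host of a Referer value, or "" if unusable."""
    try:
        host = (urlsplit(referer or "").hostname or "").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return ""
    return host[4:] if host.startswith("www.") else host


def fill_bucket(referer=None, named_token=None):
    """Decide which tokens go into the bucket for this request."""
    bucket = TokenBucket()
    # Exact host match only: a substring test would also accept
    # "example-winery.test.other.test". Referer is client-supplied,
    # so the winery token is limited to READ.
    winery = FEATURED_WINERIES.get(referer_host(referer))
    if winery:
        bucket.tokens.add(Token("winery:" + winery, READ))
    if named_token in NAMED_TOKENS:
        bucket.tokens.add(Token(*NAMED_TOKENS[named_token]))
    return bucket
```

A detail or list view would then call `bucket.allows(scope, level)` for each object before rendering it.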
Django already has a groups and permissions system, which may be sufficient for your purpose.
http://docs.djangoproject.com/en/dev/topics/auth/
Generally in your code you check if a user has a permission. A user has his own permissions and those of the groups he belongs to. You can administer this pretty easily from the admin console.
There are two parts you need to look at.
For 1. you can check permissions in a decorator as such:

    from django.contrib.auth.decorators import permission_required

    # Users without the permission are redirected to the login page.
    @permission_required('polls.can_vote')
    def some_view(request):
        ...  # view body goes here

For 2. the currently logged-in user's permissions are stored in the template variable {{ perms }}. This code checks the same permission as above.

    {% if perms.polls.can_vote %}
        <a href="/vote">vote</a>
    {% endif %}

To generate a list of links you can iterate over user.get_all_permissions() and fetch the links (or function that generates the link) from a dict:

    def more_elaborate_list_of_links_for_a_perm(user):
        return ["/link1", ...]

    # Maps a permission name to a function that returns the links it unlocks.
    _LINKS = {
        # u.id is an integer, so convert it before concatenating
        'polls.can_vote' : lambda u: ["/user/specific/link/" + str(u.id)],
        'polls.can_close': lambda u: ['/static/link/1', '/static/link/2'],
        'polls.can_open' : more_elaborate_list_of_links_for_a_perm
    }

    def gen_links(user):
        # get_all_permissions also gets permissions for the user's groups
        perms = user.get_all_permissions()
        # Flatten the per-permission lists into a single list of links
        return sum((_LINKS[p](user) for p in perms if p in _LINKS), [])

There are probably many other approaches.