Django admin - giving users access to specific objects/fields?

馋奶兔 提交于 2019-12-23 09:46:39

问题


I need to make an "owners" login for the admin. Say we have this model structure:

class Product(models.Model):
    owner = models.ManyToManyField(User)
    name = models.CharField(max_length=255)
    description = models.CharField(max_length=255)
    photos = models.ManyToManyField(Photo, through='ProductPhoto')


class Photo(models.Model):
    order = models.IntegerField()
    image = models.ImageField(upload_to='photos')
    alt = models.CharField(max_length=255)


class ProductPhoto(models.Model):
    photo = models.ForeignKey(Photo)
    product = models.ForeignKey(Product)

We have a group called Owners that some users are part of. The ProductPhoto is a TabularInline on the Product admin page.

Now, owners need permission to edit

  1. (primary goal) only products where product__in=user.products (so basically, only products owned by them).

  2. (secondary goal) only the description and photos of products

How would I do this with Django's admin/permission system?


回答1:


This is row (or object) level permission. Django provides basic support for object permissions but it is up to you to implement the code.

Luckily, there are a few apps that provide drop-in object-level permission framework. django-guardian is one that I have used before. This page on djangopackages.com provides some more that you can try out.



来源:https://stackoverflow.com/questions/11138479/django-admin-giving-users-access-to-specific-objects-fields

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!