我当前正在练习Django的权限模块
这些是我的模型:
from django.db import models
# Create your models here.
class School(models.Model):
name = models.CharField(max_length=100)
address = models.TextField()
def __unicode__(self):
return self.name
class Teacher(models.Model):
school = models.ForeignKey(School)
first_name = models.CharField(max_length=50)
middle_name = models.CharField(max_length=50)
last_name = models.CharField(max_length=50)
def name(self):
return '{0} {1} {2}'.format(self.first_name,
self.middle_name,
self.last_name)
def __unicode__(self):
return self.name()
class Section(models.Model):
"""
This model must only be manipulated by its respective teacher
"""
teacher = models.ForeignKey(Teacher)
name = models.CharField(max_length=100)
def __unicode__(self):
return self.name
class Student(models.Model):
"""
This model must only be manipulated by its respective teacher
"""
section = models.ForeignKey(Section)
first_name = models.CharField(max_length=50)
middle_name = models.CharField(max_length=50)
last_name = models.CharField(max_length=50)
def name(self):
return '{0} {1} {2}'.format(self.first_name,
self.middle_name,
self.last_name)
def __unicode__(self):
return self.name()
class Subject(models.Model):
"""
This model must only be manipulated by its respective student
"""
student = models.ForeignKey(Student)
name = models.CharField(max_length=50)
code = models.CharField(max_length=50)
def __unicode__(self):
return self.name
,在我的django-admin中,我创建了类似:
的组principal # Can change, add and delete Teacher Model
teacher # Can change, add and delete Student and Section Model
school_admin # Can change, add and delete School Model
student # Can change, add and delete Subject Model
在我的Views.py中,我尝试对用户进行身份验证和登录用户,然后登录用户,该用户具有教师组,然后创建一个学校对象,例如:
def index(request):
template = 'login.html'
user = request.user
login_form = LoginForm(request.POST or None)
context_dict = {'login_form': login_form}
if user.is_authenticated():
groups = user.groups
print 'User:'
print user
if groups.filter(name='teacher').exists():
print 'Teachers'
# The code below will save even though it is not in its permission
School.objects.create(name='DPS', address='Some Address')
return HttpResponse("Login")
if request.method == 'POST':
if login_form.is_valid():
username = login_form.cleaned_data['username']
password = login_form.cleaned_data['password']
# print (login_form.cleaned_data)
# user = authenticate(username=username, password=password)
user = authenticate(email=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
return HttpResponseRedirect('/')
else:
return HttpResponse("Wrong Username Password")
return render(request, template, context_dict)
学校对象被创建了。但是我希望它不会被创建,因为登录的用户没有允许创建学校对象的许可。.我是否缺少一些东西来启用我的期望,而无需进行很多编码?或者我真的必须在视图上手动使用组和权限来提出条件声明?
我相信这条线
School.objects.create(name='DPS', address='Some Address')
是独立的表达。只要通过教师过滤器,它将在代码中执行,因为它不了解上下文或权限。您可以简单地使用条件来实现所需的目标。