我不想在我的Django项目上有多个AdminSite,我不想给每个用户超级用户角色只是为了查看和编辑应用程序的模型。
这是我项目的布局:
> djangoApp
> djangoApp
- settings.py
- etc...
> AAA
- admin.py
- urls.py
- etc..
> BBB
- admin.py
- urls.py
- etc..
> CCC
- admin.py
- urls.py
- etc..
> ressources
- models.py
- etc..
> core
- admin.py
- auth.py
- models.py
- views.py
以下是BBB的 admin.py(我为每个管理员网站使用不同的数据库(:
from django.contrib import admin
from django.contrib.admin import AdminSite, site
from core.admin import UserAuthenticationForm
from ressources.models import Adresse
class BBBAdminSite(AdminSite):
site_header = 'BBB admin'
login_form = UserAuthenticationForm
login_template = "core/login.html"
def has_permission(self,request):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
class AdminModel(admin.ModelAdmin):
using = 'DATABASE_NAME'
def has_add_permission(self, request):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
def has_change_permission(self, request, obj=None):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
def has_delete_permission(self, request, obj=None):
user = request.user
return user.is_active and user.is_staff and (user.account_id == 100 or user.account_id == 0)
def save_model(self, request, obj, form, change):
user = request.user
obj.account_id = user.account_id
obj.save(using=self.using)
def delete_model(self, request, obj):
obj.delete(using=self.using)
def get_queryset(self, request):
return super(AdminModel, self).get_queryset(request).using(self.using)
def formfield_for_foreignkey(self, db_field, request=None, **kwargs):
return super(AdminModel, self).formfield_for_foreignkey(db_field, request=request, using=self.using, **kwargs)
def formfield_for_manytomany(self, db_field, request=None, **kwargs):
return super(AdminModel, self).formfield_for_manytomany(db_field, request=request, using=self.using, **kwargs)
bbbAdmin = BBBAdminSite(name='bbbAdmin')
bbbAdmin.register(Adresse, AdminModel) ### The user can see this in the admin dashboard only if he is superuser
这是同一应用程序的 urls.py:
from django.contrib import admin
from django.urls import include, path, re_path
from BBB.admin import bbbAdmin
urlpatterns = [
path('', bbbAdmin.urls),
]
我使用不同的身份验证后端对我的用户进行身份验证:
核心/身份验证.py:
from django.conf import settings
from django.contrib.auth.hashers import check_password
from .models import User
class AuthBackend(object):
def has_perm(self, user_obj, perm, obj=None):
if(obj != None):
return (obj.account_id == user_obj.account_id)
return False
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
def authenticate(username=None, password=None, account_id=None):
try:
user = User.objects.get(username=username, account_id=account_id)
except User.DoesNotExist:
return None
pwd_valid = check_password(password, user.password)
if pwd_valid:
return user
else:
return None
我已经在我的 settings.py 中注册了身份验证后端:
AUTHENTICATION_BACKENDS = ('core.auth.AuthBackend',)
我试图将其更改为:
AUTHENTICATION_BACKENDS = ('core.auth.AuthBackend', 'django.contrib.auth.backends.ModelBackend',)
但它给了我错误
您配置了多个身份验证后端,因此必须提供
backend参数或在用户上设置backend属性。
我试图将用户放在具有所有权限的组中,但是当他登录时,它仍然显示"您无权编辑任何内容"。用户已is_staff设置为 True
我已经找到了解决方案。我忘了将方法"has_module_permission"添加到我的管理员模型中
BBB/管理员.py
class AdminModel(Admin.ModelAdmin):
[...]
def has_module_permission(self,request):
return True
[...]
对我来说,我创建了一个自定义管理站点,并在多个地方初始化它的错误,要解决此问题,请在变量中仅初始化一次管理站点,如下所示:
custom_admin_site = CustomAdminSite()
最好在同一个文件中,它被声明,然后将保存该实例的变量导入到需要使用的任何位置,例如在 urls.py 中注册custom_admin_site.urls和跨应用注册模型。在其他地方初始化它正在创建一个全新的管理站点,而不是您之前初始化的站点,因此出现无权限错误。