如何设置具有多个权限的一个用户的django用户权限?
How to set up django user permissions with one user having multiple permissions?
我有以下想法。一个用户可以在多个公司。用户在他或她所在的每个公司都有不同的权限。
下面的示例不起作用,因为一个用户将始终拥有相同的权限。
我应该如何设置我的用户模型,一个用户在每个公司都有不同的权限?
到目前为止我已经尝试过:
class User(AbstractUser):
hourly_wage = models.DecimalField(decimal_places=2, max_digits=6, default=8.50)
class Meta:
permissions = (("is_general", "Can add people to his company and see everything"),
("is_captain", "Can add/edit/delete everything"),
("is_staff", "Can add/edit/delete jobs"),
("is_programmer", "Can do what he or she wants to do"))
def clean(self):
self.username = self.username.lower()
class Company(models.Model):
name = models.CharField(max_length=80)
slug = models.SlugField(unique=True)
users = models.ManyToManyField(User, related_name="companies")
class Meta:
verbose_name_plural = "companies"
您为 ManyToManyField 定义了一个 模型,多对多关系流经该模型。
所以代替:
+---------+ M N +-------------+ M N +------------+
| Company |----------| User |----------| Permission |
+---------+ +-------------+ +------------+
| permissions |
+-------------+
我们这样写:
+---------+ 1 N +-------------+ M 1 +------+
| Company |----------| UserCompany |----------| User |
+---------+ +-------------+ +------+
| M
|
| N
+------------+
| Permission |
+------------+
我们可以这样做:
from django.contrib.auth.models import Permission
class User(AbstractUser):
def clean(self):
self.username = self.username.lower()
class Company(models.Model):
name = models.CharField(max_length=80)
slug = models.SlugField(unique=True)
users = models.ManyToManyField(User, <b>through='app.CompanyUser'</b>, related_name="companies")
class Meta:
verbose_name_plural = "companies"
class <b>CompanyUser</b>(models.Model):
<b>user = models.ForeignKey('app.User', on_delete=models.CASCADE)</b>
<b>company = models.ForeignKey('app.Company', on_delete=models.CASCADE)</b>
<b>hourly_wage = models.DecimalField(decimal_places=2, max_digits=6, default=8.50)</b>
<b>permissions = models.ManyToManyField(Permission, on_delete=models.CASCADE)</b>
您可能想将其他逻辑转移到 through 模型。例如,hourly_wage 可能也与 (User, Company)-对相关,而不特定于 User 本身。
因此,您可以通过以下方式向 UserCompany 添加权限:
someusercompany.permissions.add(some_permission)
然后检查 UserCompany 是否具有以下权限:
CompanyUser.objects.filter(
user=some_user,
company=some_company,
some_permission=some_permission
).exists()
在 documentation about through parameter [django-doc] 中查看更多相关信息。
我有以下想法。一个用户可以在多个公司。用户在他或她所在的每个公司都有不同的权限。 下面的示例不起作用,因为一个用户将始终拥有相同的权限。
我应该如何设置我的用户模型,一个用户在每个公司都有不同的权限?
到目前为止我已经尝试过:
class User(AbstractUser):
hourly_wage = models.DecimalField(decimal_places=2, max_digits=6, default=8.50)
class Meta:
permissions = (("is_general", "Can add people to his company and see everything"),
("is_captain", "Can add/edit/delete everything"),
("is_staff", "Can add/edit/delete jobs"),
("is_programmer", "Can do what he or she wants to do"))
def clean(self):
self.username = self.username.lower()
class Company(models.Model):
name = models.CharField(max_length=80)
slug = models.SlugField(unique=True)
users = models.ManyToManyField(User, related_name="companies")
class Meta:
verbose_name_plural = "companies"
您为 ManyToManyField 定义了一个 模型,多对多关系流经该模型。
所以代替:
+---------+ M N +-------------+ M N +------------+
| Company |----------| User |----------| Permission |
+---------+ +-------------+ +------------+
| permissions |
+-------------+
我们这样写:
+---------+ 1 N +-------------+ M 1 +------+
| Company |----------| UserCompany |----------| User |
+---------+ +-------------+ +------+
| M
|
| N
+------------+
| Permission |
+------------+
我们可以这样做:
from django.contrib.auth.models import Permission
class User(AbstractUser):
def clean(self):
self.username = self.username.lower()
class Company(models.Model):
name = models.CharField(max_length=80)
slug = models.SlugField(unique=True)
users = models.ManyToManyField(User, <b>through='app.CompanyUser'</b>, related_name="companies")
class Meta:
verbose_name_plural = "companies"
class <b>CompanyUser</b>(models.Model):
<b>user = models.ForeignKey('app.User', on_delete=models.CASCADE)</b>
<b>company = models.ForeignKey('app.Company', on_delete=models.CASCADE)</b>
<b>hourly_wage = models.DecimalField(decimal_places=2, max_digits=6, default=8.50)</b>
<b>permissions = models.ManyToManyField(Permission, on_delete=models.CASCADE)</b>
您可能想将其他逻辑转移到 through 模型。例如,hourly_wage 可能也与 (User, Company)-对相关,而不特定于 User 本身。
因此,您可以通过以下方式向 UserCompany 添加权限:
someusercompany.permissions.add(some_permission)
然后检查 UserCompany 是否具有以下权限:
CompanyUser.objects.filter(
user=some_user,
company=some_company,
some_permission=some_permission
).exists()
在 documentation about through parameter [django-doc] 中查看更多相关信息。