django PermissionRequiredMixin permission_required 不工作
django PermissionRequiredMixin permission_required not working
Views.py
class templateList(PermissionRequiredMixin, TemplateView):
permission_required = 'accounts.template_all'
def get(self, request, *args, **kwargs):
#view logic
print(self.request.user.has_perms('accounts.template_all'))
return render(request, template_name, context)
accounts/models.py
class User(AbstractBaseUser, PermissionsMixin):
# some fields here
class Meta:
verbose_name = _('user')
verbose_name_plural = _('users')
permissions = (
("template_all", "access to all templates"),
)
ViewName.___mro____
(<class 'template.views.templateList'>, <class 'django.contrib.auth.mixins.PermissionRequiredMixin'>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class 'django.views.generic.base.View'>, <class 'object'>)
self.request.user.has_perms('accounts.template_all') 在 views.py returns 中是正确的布尔值,但是,self.has_permission() returns 每次都为真。 permission_required 没有效果,即使 print returns 为 false,用户仍然可以看到该页面。 self.get_permission_required 和 returns 正确的值。帮助表示赞赏。
简而言之:PermissionRequiredMixin baseclass 应该放在 before the TemplateView baseclass,这样MRO(Method Resolution Order)是正确的,dispatch指向PermissionRequiredMixin.
的override
A PermissionRequiredMixin 修补了 dispatch(..) 方法(好吧,它添加了一个额外的检查,以查看用户是否具有适当的权限)。但是,在这里您将 subclasses 放置的顺序导致 dispatch(..) 函数是 View class.
中的函数
的确,如果我们看一下 MRO,我们会看到:
>>> ViewName.__mro__
(<class 'ViewName'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class <b>'django.views.generic.base.View'</b>>, <class <b>'django.contrib.auth.mixins.PermissionRequiredMixin'</b>>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'object'>)
如果我们看一下调用 .dispatch(..) 时调用的方法,我们会看到:
>>> ViewName.dispatch
<function View.dispatch at 0x7f169e8f6620>
为了让mixin覆盖原来的.dispatch(..)函数,我们需要把它放在base classes的最前面,比如:
# PermissionRequiredMixin is put <i>before</i> TemplateView
class ViewName(<b>PermissionRequiredMixin, TemplateView</b>):
permission_required = 'accounts.action_all'
# ...
然后我们看到:
>>> ViewName.__mro__
(<class 'ViewName'>, <class <b>'django.contrib.auth.mixins.PermissionRequiredMixin'</b>>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class <b>'django.views.generic.base.View'</b>>, <class 'object'>)
>>> ViewName.dispatch
<function <b>PermissionRequiredMixin.dispatch</b> at 0x7f168b41d620>
Views.py
class templateList(PermissionRequiredMixin, TemplateView):
permission_required = 'accounts.template_all'
def get(self, request, *args, **kwargs):
#view logic
print(self.request.user.has_perms('accounts.template_all'))
return render(request, template_name, context)
accounts/models.py
class User(AbstractBaseUser, PermissionsMixin):
# some fields here
class Meta:
verbose_name = _('user')
verbose_name_plural = _('users')
permissions = (
("template_all", "access to all templates"),
)
ViewName.___mro____
(<class 'template.views.templateList'>, <class 'django.contrib.auth.mixins.PermissionRequiredMixin'>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class 'django.views.generic.base.View'>, <class 'object'>)
self.request.user.has_perms('accounts.template_all') 在 views.py returns 中是正确的布尔值,但是,self.has_permission() returns 每次都为真。 permission_required 没有效果,即使 print returns 为 false,用户仍然可以看到该页面。 self.get_permission_required 和 returns 正确的值。帮助表示赞赏。
简而言之:PermissionRequiredMixin baseclass 应该放在 before the TemplateView baseclass,这样MRO(Method Resolution Order)是正确的,dispatch指向PermissionRequiredMixin.
A PermissionRequiredMixin 修补了 dispatch(..) 方法(好吧,它添加了一个额外的检查,以查看用户是否具有适当的权限)。但是,在这里您将 subclasses 放置的顺序导致 dispatch(..) 函数是 View class.
的确,如果我们看一下 MRO,我们会看到:
>>> ViewName.__mro__
(<class 'ViewName'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class <b>'django.views.generic.base.View'</b>>, <class <b>'django.contrib.auth.mixins.PermissionRequiredMixin'</b>>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'object'>)
如果我们看一下调用 .dispatch(..) 时调用的方法,我们会看到:
>>> ViewName.dispatch
<function View.dispatch at 0x7f169e8f6620>
为了让mixin覆盖原来的.dispatch(..)函数,我们需要把它放在base classes的最前面,比如:
# PermissionRequiredMixin is put <i>before</i> TemplateView
class ViewName(<b>PermissionRequiredMixin, TemplateView</b>):
permission_required = 'accounts.action_all'
# ...
然后我们看到:
>>> ViewName.__mro__
(<class 'ViewName'>, <class <b>'django.contrib.auth.mixins.PermissionRequiredMixin'</b>>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class <b>'django.views.generic.base.View'</b>>, <class 'object'>)
>>> ViewName.dispatch
<function <b>PermissionRequiredMixin.dispatch</b> at 0x7f168b41d620>