员工用户在没有明确分配的情况下无权访问管理站点
Staff users don't have permission to access admin site without explicitly assigning them
我正在使用 Django 3.1.2,超级用户在管理站点中添加的员工用户登录后无法访问同一管理站点。 /admin/ 中的所有页面 return 403 forbidden error.
我在虚拟环境 (venv) 中使用 Windows 10、Python 3.8.5。我的命令是在 Git Bash 中发出的。它首先发生在其他项目中,所以我创建了一个新的来尝试。在 Firefox、Edge 和 Chrome.
中也是同样的错误
正是我所做的:
Git Bash:
$ mkdir test_staff
$ cd test_staff/
$ python -m venv venv_dev
$ source venv_dev/Scripts/activate
$ pip install Django==3.1.2
$ pip list
Package Version
---------- -------
asgiref 3.2.10
Django 3.1.2
pip 20.1.1
pytz 2020.1
setuptools 47.1.0
sqlparse 0.4.1
$ django-admin startproject mysite
$ cd mysite/
$ python manage.py migrate
$ winpty python manage.py createsuperuser
username: admin
password: 12345
$ python manage.py runserver
浏览器:
Login with "admin" user: http://localhost:8000/admin/login
Add staff user: http://localhost:8000/admin/auth/user/add/
username: staff_user
password: Ax47y](U[1fpw;8H2?})
> Save and continue editing
staff status = True
> Save
Logout: http://localhost:8000/admin/logout/
Login with "staff_user": http://localhost:8000/admin/login
结果:
Git Bash:
[09/Oct/2020 12:49:39] "GET /admin/ HTTP/1.1" 200 2282
其他URL:
Git Bash:
Forbidden (Permission denied): /admin/auth/user/
Traceback (most recent call last):
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\core\handlers\exception.py", line 47, in inner
response = get_response(request)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\core\handlers\base.py", line 179, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\contrib\admin\options.py", line 614, in wrapper
return self.admin_site.admin_view(view)(*args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\utils\decorators.py", line 130, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\views\decorators\cache.py", line 44, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\contrib\admin\sites.py", line 233, in inner
return view(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\utils\decorators.py", line 43, in _wrapper
return bound_method(*args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\utils\decorators.py", line 130, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\contrib\admin\options.py", line 1690, in changelist_view
raise PermissionDenied
django.core.exceptions.PermissionDenied
[09/Oct/2020 12:53:50] "GET /admin/auth/user/ HTTP/1.1" 403 135
如果我明确地为用户分配授权权限,员工用户只能访问管理站点。
本应如此。您的新员工用户无权添加或编辑任何内容。尝试创建一个具有一组权限(例如 adding/editing 用户或其他模型)的新组,然后将您的员工用户添加到该组。
我正在使用 Django 3.1.2,超级用户在管理站点中添加的员工用户登录后无法访问同一管理站点。 /admin/ 中的所有页面 return 403 forbidden error.
我在虚拟环境 (venv) 中使用 Windows 10、Python 3.8.5。我的命令是在 Git Bash 中发出的。它首先发生在其他项目中,所以我创建了一个新的来尝试。在 Firefox、Edge 和 Chrome.
中也是同样的错误正是我所做的:
Git Bash:
$ mkdir test_staff
$ cd test_staff/
$ python -m venv venv_dev
$ source venv_dev/Scripts/activate
$ pip install Django==3.1.2
$ pip list
Package Version
---------- -------
asgiref 3.2.10
Django 3.1.2
pip 20.1.1
pytz 2020.1
setuptools 47.1.0
sqlparse 0.4.1
$ django-admin startproject mysite
$ cd mysite/
$ python manage.py migrate
$ winpty python manage.py createsuperuser
username: admin
password: 12345
$ python manage.py runserver
浏览器:
Login with "admin" user: http://localhost:8000/admin/login
Add staff user: http://localhost:8000/admin/auth/user/add/
username: staff_user
password: Ax47y](U[1fpw;8H2?})
> Save and continue editing
staff status = True
> Save
Logout: http://localhost:8000/admin/logout/
Login with "staff_user": http://localhost:8000/admin/login
结果:
Git Bash:
[09/Oct/2020 12:49:39] "GET /admin/ HTTP/1.1" 200 2282
其他URL:
Git Bash:
Forbidden (Permission denied): /admin/auth/user/
Traceback (most recent call last):
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\core\handlers\exception.py", line 47, in inner
response = get_response(request)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\core\handlers\base.py", line 179, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\contrib\admin\options.py", line 614, in wrapper
return self.admin_site.admin_view(view)(*args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\utils\decorators.py", line 130, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\views\decorators\cache.py", line 44, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\contrib\admin\sites.py", line 233, in inner
return view(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\utils\decorators.py", line 43, in _wrapper
return bound_method(*args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\utils\decorators.py", line 130, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "C:\Users\DELL\Documents\github\test_staff\venv_dev\lib\site-packages\django\contrib\admin\options.py", line 1690, in changelist_view
raise PermissionDenied
django.core.exceptions.PermissionDenied
[09/Oct/2020 12:53:50] "GET /admin/auth/user/ HTTP/1.1" 403 135
如果我明确地为用户分配授权权限,员工用户只能访问管理站点。
本应如此。您的新员工用户无权添加或编辑任何内容。尝试创建一个具有一组权限(例如 adding/editing 用户或其他模型)的新组,然后将您的员工用户添加到该组。