如何撤销在 django admin 中编辑管理员用户的权限
How to revoke permission to edit Admin User in django admin
我有一个自定义用户模型,我可以在不授予必要权限的情况下创建组。我通过授予查看和更改用户的权限创建了一个组。我在该组中添加了一个员工用户,但没有将他们升级为管理员用户或超级用户。但是该用户可以编辑管理员用户。如何防止该特定组中的用户编辑管理员用户?
class MyAccountManager(BaseUserManager):
    """Manager that builds accounts for the custom ``User`` model."""

    def create_user(self, email, username, password=None):
        """Create and save an ordinary account.

        Raises ``ValueError`` when ``email`` or ``username`` is empty.
        The password is handed to ``set_password()`` and never assigned
        to the instance directly.
        """
        required = (
            (email, "Users must have an email address"),
            (username, "Users must have an username"),
        )
        for value, message in required:
            if not value:
                raise ValueError(message)

        account = self.model(email=self.normalize_email(email), username=username)
        account.set_password(password)
        account.save(using=self._db)
        return account

    def create_superuser(self, email, username, password):
        """Create an account through ``create_user`` and raise every privilege flag."""
        superuser = self.create_user(
            email=self.normalize_email(email),
            username=username,
            password=password,
        )
        # A superuser is also is_staff=True, so any queryset that filters on
        # is_staff alone still matches superusers.
        for flag in ("is_admin", "is_staff", "is_superuser"):
            setattr(superuser, flag, True)
        superuser.save(using=self._db)
        return superuser
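class User(AbstractBaseUser, PermissionsMixin):
    """Custom account model that logs in by ``username`` and also requires an email.

    Permission checks come from ``PermissionsMixin``; ``is_admin`` and
    ``is_teacher`` are extra flags declared by this project.
    """

    email = models.EmailField(verbose_name='email', max_length=80, unique=True)
    username = models.CharField(max_length=30, unique=True)
    first_name = models.CharField(max_length=100, null=True)
    last_name = models.CharField(max_length=100, null=True)
    phone_no = models.CharField(max_length=12, null=True)
    date_joined = models.DateField(
        verbose_name='date joined', auto_now_add=True)
    # NOTE(review): auto_now=True rewrites this value on every save(), not only
    # at login, and a DateField keeps no time of day. Confirm that is acceptable
    # before relying on it for auditing.
    last_login = models.DateField(verbose_name='last login', auto_now=True)

    # Privilege flags. MyAccountManager.create_superuser() turns on is_admin,
    # is_staff and is_superuser together.
    is_admin = models.BooleanField(default=False)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)
    is_superuser = models.BooleanField(default=False)
    is_teacher = models.BooleanField(default=False)
    address = models.CharField(max_length=500, null=True, blank=True)

    USERNAME_FIELD = 'username'
    REQUIRED_FIELDS = ['email']

    objects = MyAccountManager()

    def __str__(self):
        """Return the email address as the display name."""
        return self.email

    # has_perm() is not overridden here, so PermissionsMixin's check applies.

    def has_module_perms(self, app_label):
        """Return whether this account holds any permission in ``app_label``.

        Delegates to ``PermissionsMixin`` instead of answering ``True`` for
        every account, so inactive accounts and accounts with no permission
        in the app are no longer reported as having module access.
        """
        return super().has_module_perms(app_label)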
为此,您需要虚拟分离模型。你可以使用 Django 的 Proxy Model。将以下代码添加到 models.py 的底部。
from django.contrib.auth.models import UserManager
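class StaffManager(UserManager):
    """Manager for the staff proxy: staff accounts with no admin or superuser flag."""

    def get_queryset(self):
        """Return staff accounts only, leaving out admins and superusers.

        ``create_superuser`` also sets ``is_staff=True``, so filtering on
        ``is_staff`` alone would still return the privileged accounts this
        proxy is meant to keep out of reach.
        """
        return super().get_queryset().filter(
            is_staff=True,
            is_superuser=False,
            is_admin=False,
        )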
class StaffProxyModel(User):
    """Proxy over ``User`` whose default manager is ``StaffManager``."""

    class Meta:
        # A proxy adds no table of its own; it gets its own entry in the
        # permission list, which is what lets a group be granted access to
        # it separately from User.
        verbose_name_plural = 'Staffs'
        verbose_name = 'Staff'
        proxy = True

    objects = StaffManager()
#admin.py
from django.contrib.auth.admin import UserAdmin
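class StaffProxyModelAdmin(UserAdmin):
    """Admin for the staff proxy that keeps privilege fields out of delegated hands.

    ``UserAdmin`` puts ``is_superuser``, ``groups`` and ``user_permissions``
    on the change form. Without a restriction, anyone with change permission
    on this model could raise their own privileges.
    """

    # Fields that decide what an account is allowed to do.
    privilege_fields = (
        'is_staff', 'is_admin', 'is_superuser', 'groups', 'user_permissions',
    )

    def get_readonly_fields(self, request, obj=None):
        """Make the privilege fields read-only unless the editor is a superuser."""
        readonly = list(super().get_readonly_fields(request, obj))
        if request.user.is_superuser:
            return readonly
        return readonly + [
            name for name in self.privilege_fields if name not in readonly
        ]


admin.site.register(StaffProxyModel, StaffProxyModelAdmin)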
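进行更改后,运行 python manage.py makemigrations 和 python manage.py migrate。完成上述步骤后,您将能够在权限列表中看到“员工代理模型”。向您的组授予对此模型的更改和查看访问权限,并撤销该组对原 User 模型的更改权限,否则组内用户仍可通过原来的用户管理页面编辑管理员用户。这样你的问题应该就解决了。注意:create_superuser 也会把 is_staff 设为 True,因此仅按 is_staff=True 过滤的查询集仍然包含超级用户,还需要排除 is_superuser 或 is_admin 为 True 的账户。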
Django 会将代理模型视为一个单独的模型,尽管在数据库级别,用户模型和员工模型都存储在同一张表中。
我有一个自定义用户模型,我可以在不授予必要权限的情况下创建组。我通过授予查看和更改用户的权限创建了一个组。我在该组中添加了一个员工用户,但没有将他们升级为管理员用户或超级用户。但是该用户可以编辑管理员用户。如何防止该特定组中的用户编辑管理员用户?
class MyAccountManager(BaseUserManager):
    """Manager that builds accounts for the custom ``User`` model."""

    def create_user(self, email, username, password=None):
        """Create and save an ordinary account.

        Raises ``ValueError`` when ``email`` or ``username`` is empty.
        The password is handed to ``set_password()`` and never assigned
        to the instance directly.
        """
        required = (
            (email, "Users must have an email address"),
            (username, "Users must have an username"),
        )
        for value, message in required:
            if not value:
                raise ValueError(message)

        account = self.model(email=self.normalize_email(email), username=username)
        account.set_password(password)
        account.save(using=self._db)
        return account

    def create_superuser(self, email, username, password):
        """Create an account through ``create_user`` and raise every privilege flag."""
        superuser = self.create_user(
            email=self.normalize_email(email),
            username=username,
            password=password,
        )
        # A superuser is also is_staff=True, so any queryset that filters on
        # is_staff alone still matches superusers.
        for flag in ("is_admin", "is_staff", "is_superuser"):
            setattr(superuser, flag, True)
        superuser.save(using=self._db)
        return superuser
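class User(AbstractBaseUser, PermissionsMixin):
    """Custom account model that logs in by ``username`` and also requires an email.

    Permission checks come from ``PermissionsMixin``; ``is_admin`` and
    ``is_teacher`` are extra flags declared by this project.
    """

    email = models.EmailField(verbose_name='email', max_length=80, unique=True)
    username = models.CharField(max_length=30, unique=True)
    first_name = models.CharField(max_length=100, null=True)
    last_name = models.CharField(max_length=100, null=True)
    phone_no = models.CharField(max_length=12, null=True)
    date_joined = models.DateField(
        verbose_name='date joined', auto_now_add=True)
    # NOTE(review): auto_now=True rewrites this value on every save(), not only
    # at login, and a DateField keeps no time of day. Confirm that is acceptable
    # before relying on it for auditing.
    last_login = models.DateField(verbose_name='last login', auto_now=True)

    # Privilege flags. MyAccountManager.create_superuser() turns on is_admin,
    # is_staff and is_superuser together.
    is_admin = models.BooleanField(default=False)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)
    is_superuser = models.BooleanField(default=False)
    is_teacher = models.BooleanField(default=False)
    address = models.CharField(max_length=500, null=True, blank=True)

    USERNAME_FIELD = 'username'
    REQUIRED_FIELDS = ['email']

    objects = MyAccountManager()

    def __str__(self):
        """Return the email address as the display name."""
        return self.email

    # has_perm() is not overridden here, so PermissionsMixin's check applies.

    def has_module_perms(self, app_label):
        """Return whether this account holds any permission in ``app_label``.

        Delegates to ``PermissionsMixin`` instead of answering ``True`` for
        every account, so inactive accounts and accounts with no permission
        in the app are no longer reported as having module access.
        """
        return super().has_module_perms(app_label)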
为此,您需要虚拟分离模型。你可以使用 Django 的 Proxy Model。将以下代码添加到 models.py 的底部。
from django.contrib.auth.models import UserManager
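class StaffManager(UserManager):
    """Manager for the staff proxy: staff accounts with no admin or superuser flag."""

    def get_queryset(self):
        """Return staff accounts only, leaving out admins and superusers.

        ``create_superuser`` also sets ``is_staff=True``, so filtering on
        ``is_staff`` alone would still return the privileged accounts this
        proxy is meant to keep out of reach.
        """
        return super().get_queryset().filter(
            is_staff=True,
            is_superuser=False,
            is_admin=False,
        )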
class StaffProxyModel(User):
    """Proxy over ``User`` whose default manager is ``StaffManager``."""

    class Meta:
        # A proxy adds no table of its own; it gets its own entry in the
        # permission list, which is what lets a group be granted access to
        # it separately from User.
        verbose_name_plural = 'Staffs'
        verbose_name = 'Staff'
        proxy = True

    objects = StaffManager()
#admin.py
from django.contrib.auth.admin import UserAdmin
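class StaffProxyModelAdmin(UserAdmin):
    """Admin for the staff proxy that keeps privilege fields out of delegated hands.

    ``UserAdmin`` puts ``is_superuser``, ``groups`` and ``user_permissions``
    on the change form. Without a restriction, anyone with change permission
    on this model could raise their own privileges.
    """

    # Fields that decide what an account is allowed to do.
    privilege_fields = (
        'is_staff', 'is_admin', 'is_superuser', 'groups', 'user_permissions',
    )

    def get_readonly_fields(self, request, obj=None):
        """Make the privilege fields read-only unless the editor is a superuser."""
        readonly = list(super().get_readonly_fields(request, obj))
        if request.user.is_superuser:
            return readonly
        return readonly + [
            name for name in self.privilege_fields if name not in readonly
        ]


admin.site.register(StaffProxyModel, StaffProxyModelAdmin)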
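进行更改后,运行 python manage.py makemigrations 和 python manage.py migrate。完成上述步骤后,您将能够在权限列表中看到“员工代理模型”。向您的组授予对此模型的更改和查看访问权限,并撤销该组对原 User 模型的更改权限,否则组内用户仍可通过原来的用户管理页面编辑管理员用户。这样你的问题应该就解决了。注意:create_superuser 也会把 is_staff 设为 True,因此仅按 is_staff=True 过滤的查询集仍然包含超级用户,还需要排除 is_superuser 或 is_admin 为 True 的账户。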
Django 会将代理模型视为一个单独的模型,尽管在数据库级别,用户和员工模型都存储在相同的 table.