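How do I apply django-rules in the admin backend?
Project requirement: use django-rules to implement object-level permission control in the admin backend. Test case: I tried running the testapp test case from https://github.com/dfunckt/django-rules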

from django.db import models
from django.conf import settings

class Book(models.Model):
    isbn = models.CharField(max_length=50, unique=True)
    title = models.CharField(max_length=100)
    author = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)

    def __str__(self):
        return self.title


from django.contrib import admin
from rules.contrib.admin import ObjectPermissionsModelAdmin
from .models import Book

class BookAdmin(ObjectPermissionsModelAdmin):
    pass

admin.site.register(Book, BookAdmin)


import rules

# Predicates
@rules.predicate
def is_book_author(user, book):
    if not book:
        return False
    return book.author == user

@rules.predicate
def is_boss(user):
    return user.is_superuser

is_editor = rules.is_group_member('editors')

# Rules
rules.add_rule('change_book', is_book_author | is_editor)
rules.add_rule('delete_book', is_book_author)
rules.add_rule('create_book', is_boss)

# Permissions
rules.add_perm('testapp.change_book', is_book_author | is_editor)
rules.add_perm('testapp.delete_book', is_book_author)


INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rules',
    'testapp',
]

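Actual steps: 1. Using a MySQL database; after the tables were generated by migration, I went into the admin backend and tried operating it. The user guest1 is not a superuser and is set to have all four permissions on book: view, add, change, delete;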
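Error: Verifying in the admin backend as user guest1, creating an article succeeds; clicking to try to modify the article shows forbidden 403, as follows:
Q: I would like to know how to use rules correctly?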
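
The behaviour reported above (add works, change returns 403) is what Django produces when its default ModelBackend is the only authentication backend, because that backend reports no permissions whenever an object is passed and ObjectPermissionsModelAdmin passes the object. The following is an added example, not part of the original post or of django-rules: a plain-Python model of that dispatch in which `ModelBackendModel`, `RulesBackendModel` and `admin_outcomes` are hypothetical stand-ins. It assumes the project's settings do not list `rules.permissions.ObjectPermissionBackend` in `AUTHENTICATION_BACKENDS` (the page shows only `INSTALLED_APPS`).

```python
# Simplified model of Django's permission dispatch; class names are hypothetical
# stand-ins, and the sample users and books are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    model_perms: frozenset = frozenset()  # permissions ticked in the admin UI

@dataclass(frozen=True)
class Book:
    title: str
    author: User

class ModelBackendModel:
    """Stands in for django.contrib.auth.backends.ModelBackend (model-level only)."""
    def has_perm(self, user, perm, obj=None):
        if obj is not None:  # object-level question: reports no permissions
            return False
        return perm in user.model_perms

class RulesBackendModel:
    """Stands in for rules.permissions.ObjectPermissionBackend."""
    def __init__(self, perms):
        self.perms = perms  # permission name -> predicate(user, obj)
    def has_perm(self, user, perm, obj=None):
        predicate = self.perms.get(perm)
        return bool(predicate and predicate(user, obj))

def has_perm(backends, user, perm, obj=None):
    """Like User.has_perm: granted as soon as any configured backend says yes."""
    return any(b.has_perm(user, perm, obj) for b in backends)

def is_book_author(user, book):
    return bool(book) and book.author == user

# The page's rule is is_book_author | is_editor; the group check is omitted here.
RULES = {"testapp.change_book": is_book_author,
         "testapp.delete_book": is_book_author}
DEFAULT_BACKENDS = [ModelBackendModel()]  # Django's default setting
FIXED_BACKENDS = [RulesBackendModel(RULES), ModelBackendModel()]

def admin_outcomes(backends):
    guest1 = User("guest1", frozenset({"testapp.add_book", "testapp.change_book"}))
    guest2 = User("guest2", frozenset({"testapp.change_book"}))
    own, foreign = Book("mine", guest1), Book("theirs", guest2)
    return {
        "add": has_perm(backends, guest1, "testapp.add_book"),
        "change_own": has_perm(backends, guest1, "testapp.change_book", own),
        "change_foreign": has_perm(backends, guest1, "testapp.change_book", foreign),
    }
```

In a real project the corresponding setting is `AUTHENTICATION_BACKENDS`, listing `rules.permissions.ObjectPermissionBackend` ahead of `django.contrib.auth.backends.ModelBackend`.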