如何限制用户只能查看和编辑自己的用户信息? 按照 Django 的权限管理机制,用户注册至少要有对 User model 的 add, view, change 权限才行。那么就意味着某个用户可以查看和编辑别人的用户信息。 如何限制某个用户,只能查看和编辑自己的用户信息呢? 评论 1 登录评论 吴秀峰 2021-05-29 class CourseAdmin(admin.ModelAdmin): #指定用户只能查看自己用户下的东西 def get_queryset(self, request): qs = super(CourseAdmin, self).get_queryset(request) if request.user.is_superuser: return qs return qs.filter(user=request.user) list_display = ('id','title','course','user','views','modified_time') list_display_links = ('id', 'title') actions_on_bottom = True search_fields = ['title'] list_editable = ['views'] # filter_horizontal=['user'] # date_hierarchy = 'modified_time' # exclude = ('user',) #排除某些字段在后台显示 #raw_id_fields = ('user',) # list_select_related = ('user', 'course') #指定某字段只能自己查看属于自己用户下的字段 def formfield_for_foreignkey(self, db_field, request, kwargs): if db_field.name == "user": kwargs["queryset"] = Userinfo.objects.filter(username=request.user) if db_field.name == "course": kwargs["queryset"] = Category.objects.filter(user=request.user) return super().formfield_for_foreignkey(db_field, request, kwargs)
吴秀峰 2021-05-29 class CourseAdmin(admin.ModelAdmin): #指定用户只能查看自己用户下的东西 def get_queryset(self, request): qs = super(CourseAdmin, self).get_queryset(request) if request.user.is_superuser: return qs return qs.filter(user=request.user) list_display = ('id','title','course','user','views','modified_time') list_display_links = ('id', 'title') actions_on_bottom = True search_fields = ['title'] list_editable = ['views'] # filter_horizontal=['user'] # date_hierarchy = 'modified_time' # exclude = ('user',) #排除某些字段在后台显示 #raw_id_fields = ('user',) # list_select_related = ('user', 'course') #指定某字段只能自己查看属于自己用户下的字段 def formfield_for_foreignkey(self, db_field, request, kwargs): if db_field.name == "user": kwargs["queryset"] = Userinfo.objects.filter(username=request.user) if db_field.name == "course": kwargs["queryset"] = Category.objects.filter(user=request.user) return super().formfield_for_foreignkey(db_field, request, kwargs)
评论 1
class CourseAdmin(admin.ModelAdmin): #指定用户只能查看自己用户下的东西 def get_queryset(self, request): qs = super(CourseAdmin, self).get_queryset(request) if request.user.is_superuser: return qs return qs.filter(user=request.user) list_display = ('id','title','course','user','views','modified_time') list_display_links = ('id', 'title') actions_on_bottom = True search_fields = ['title'] list_editable = ['views'] # filter_horizontal=['user'] # date_hierarchy = 'modified_time' # exclude = ('user',) #排除某些字段在后台显示 #raw_id_fields = ('user',) # list_select_related = ('user', 'course') #指定某字段只能自己查看属于自己用户下的字段 def formfield_for_foreignkey(self, db_field, request, kwargs): if db_field.name == "user": kwargs["queryset"] = Userinfo.objects.filter(username=request.user) if db_field.name == "course": kwargs["queryset"] = Category.objects.filter(user=request.user) return super().formfield_for_foreignkey(db_field, request, kwargs)