1. 技术文章
  2. how to add Permissions in Django to Models and Test it using the shell

how to add Permissions in Django to Models and Test it using the shell

我的梦境 提交于 2019-12-20 10:06:04

问题


I added the Meta class in my model and synchronized the DB then created an object in the shell it returns false so i really cant understand where is the error or what is missing is there some sort of configuration maybe in some other files .. 

class Employer(User): # Employer inherits from User
    employer_verified = models.BooleanField(default=False)

    class Meta:
        permissions = (
            ("is_member", "Friendly permission description"),
        )

emp = Employer.objects.create(blablabla)
emp.save()
emp.has_perm('myappname.is_member')

回答1:


In the example you gave, I would expect emp.has_perm('myappname.is_member') to indeed be False. Unless you explicitly give the new Employer object the is_member permission, it won't have it.

To programmatically give it the permission you need to get the actual permission object and add it to the Employer's user_permissions:

from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType

content_type = ContentType.objects.get_for_model(Employer)
permission = Permission.objects.get(content_type=content_type, codename='is_member')

emp = Employer.objects.create(blablabla)
emp.save()
emp.user_permissions.add(permission)

To test it in the shell, you may need to delete the permission cache that is created for each user- otherwise has_perm may not reflect the actual permissions:

delattr(emp, '_perm_cache')

Responding to your questions:

If you want every single Employer to have the is_member permission there are a few options:

  1. Override the save method of Employer to check if there is no self.pk (which means it is a new object, and create the permission as I showed above after saving. Not very pretty, but it would work.

  2. Write your own authentication backend. If the permission code is 'is_member' and the User has an Employer instance, return True

  3. Don't use permissions. The permission system is designed for you to be able to dynamically grant and revoke permissions. If you only care whether a User is an Employer- then test for that. Don't complicate it by using permissions.



来源:https://stackoverflow.com/questions/10252332/how-to-add-permissions-in-django-to-models-and-test-it-using-the-shell

标签
python
django
django-models
django-forms
django-admin
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!