django 1.5+ 权限设计浅析

权限关系图

django 1.5+ 权限设计浅析_第1张图片

依赖app:

   django.contrib.auth

   django.contrib.contenttype

 

admin后台的权限控制解析

(path/to/django.contrib.admin/sites.py 394-449 -- django 1.6.5版本)

先判断是否有模块权限,然后再判断是否有模型权限,有则添加相应的按钮(add/modify);

has_module_perms = user.has_module_perms(app_label)
        app_dict = {}
        for model, model_admin in self._registry.items():
            if app_label == model._meta.app_label:
                if has_module_perms:
                    perms = model_admin.get_model_perms(request)

                    # Check whether user has any perm for this module.
                    # If so, add the module to the model_list.
                    if True in perms.values():
                        info = (app_label, model._meta.model_name)
                        model_dict = {
                            'name': capfirst(model._meta.verbose_name_plural),
                            'object_name': model._meta.object_name,
                            'perms': perms,
                        }
                        if perms.get('change', False):
                        ...

  

至于删除,则是在相应的删除视图里面(path/to/django.contrib.admin/options.py 1456 ~ 1461行 django1.6.5)控制的,先读取,然后判断,没有则抛出PermissionDenied异常。

        (deleted_objects, perms_needed, protected) = get_deleted_objects(
            [obj], opts, request.user, self.admin_site, using)

        if request.POST:  # The user has already confirmed the deletion.
            if perms_needed:
                raise PermissionDenied

    总结下,admin后台的控制比较简单,而且漏了一种情况,查看权限。这个设计也不是很优雅。

 

转载请注明本文来自:http://www.cnblogs.com/Tommy-Yu/p/4054250.html,谢谢!

你可能感兴趣的:(django)