我想根据成员包检查user.profile是否具有查看所有利益对象的权限。(如果用户没有访问权限,则他应该能够看到对象的某些字段(名称和包)
如果用户具有memberpackagePackage1
并正在查看中的权益,则Package1
他应该能够看到该body
字段。如果用户具有memberpackage,则Package2
他应该看不到该body
字段。
这可能吗?也许这可以通过templatetag来完成?{% if user_has_access_to_benfit %}
它会返回true或false。
像这样的东西:
{{ object.name }}
{% if user_has_access_to_benfit %}
{{ object.body }}
{% else %}
<p>Sorry! You don't have access to this object.</p>
{% endif %}
--
这是我根据答案尝试过的方法:
class Profile(models.Model):
user = models.OneToOneField(User)
memberpackage = models.ForeignKey(Package, blank=True, null=True)
class Package(models.Model):
name = models.CharField(max_length=200)
class Benefit(models.Model):
PUBLISHED = 'P'
DRAFT = 'U'
PULLED = 'X'
name = models.CharField(max_length=200)
body = models.TextField(blank=True, null=True, help_text="Only visible to those members in the same memberpackage")
package = models.ManyToManyField(Package, blank=True, null=True, related_name="in_package")
status = models.CharField(max_length=1, choices=STATUS_CHOICES, default=DRAFT)
def is_viewable_by(self, user):
return self.package.filter(id=user.profile.memberpackage_id).exists()
如果我这样做(受益方为B资本)
#View for listing one benefit
class BenefitDetailView(DetailView):
template_name_field = 'template_name'
model = Benefit
queryset = Benefit.objects.exclude(status="X")
def get(self, request, *args, **kwargs):
if request.user.is_authenticated():
context['user_has_access_to_benfit'] = Benefit.is_viewable_by(request.user)
我收到此错误:
unbound method is_viewable_by() must be called with Benefit instance as first argument (got User instance instead)
尝试另一种方式
#View for listing one benefit
class BenefitDetailView(DetailView):
template_name_field = 'template_name'
model = Benefit
queryset = Benefit.objects.exclude(status="X")
def get(self, request, *args, **kwargs):
if request.user.is_authenticated():
user_has_access_to_benfit = Benefit.objects.filter(package = request.user.profile.memberpackage).exists() #Hoping this function returns true or false
#The user is not logged in, user_has_access_to_benfit should be set to False
else:
user_has_access_to_benfit = False
def get_context_data(self, **kwargs):
# Call the base implementation first to get a context
context = super(BenefitDetailView, self).get_context_data(**kwargs)
# Add in a extra context
context['user_has_access_to_benfit'] = user_has_access_to_benfit
return context
但是我得到了错误: The view app.views.BenefitDetailView didn't return an HttpResponse object.
不知道是否有另一种进入request.user.is_authenticated()
DetailView的方法吗?
在您的Benefit
课程中:
Benefit(models.Model):
...
def is_viewable_by(self, user):
return self.package.filter(id=user.profile.memberpackage_id).exists()
在您的BenefitDetailView
课程中:
BenefitDetailView(DetailView):
def get_context_data(self, **kwargs):
context = super(BenefitDetailView, self).get_context_data(**kwargs)
if self.object and self.request.user.is_authenticated():
context.update({ 'has_benefit_access': self.object.is_viewable_by(self.request.user)})
return context
与is_viewable_by
实例方法(而不是类方法)一样,您需要在的实例上调用它Benefit
。self.object
是您要使用的实例。该request
对象在View
as的每个子类中均可用self.request
。
如果不是每个通过身份验证的用户都具有关联的配置文件,请记住这is_viewable_by
将引发ObjectDoesNotExist
需要捕获的异常。
在这种情况下,绝对不需要重写该get
方法,但是如果这样做,则需要返回一个HttpResponse
对象。确保这一点的最简单方法是返回超类的get
方法的值:
class BenefitDetailView(DetailView):
def get(self, request, *args, **kwargs):
# ***do stuff***
return super(BenefitDetailView, self).get(request, *args, **kwargs)
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句