
1. Django's permission system auth module — Group model

django.contrib.auth.models.Group defines the user group model. Each group has two fields, id and name, and the model is mapped to the auth_group table in the database.

The User object has a many-to-many field called groups, and the relationship is maintained by the auth_user_groups table. From a Group object, use user_set to query the users in that group.

We can add or remove user groups by creating or deleting Group objects.

Import used:

from django.contrib.auth.models import Group

(1) Add user group — add

group = Group.objects.create(name=group_name)
group.save()  # redundant: create() has already saved the row

(2) Delete user group — del

group.delete()

We can manage the relationship between users and user groups through standard many-to-many field operations:

Note: in what follows, user is a user instance that has already been fetched and group is a group instance that has already been fetched, for example user = User.objects.get(id=1) and group = Group.objects.get(id=1).

  • Add a user to a user group: user.groups.add(group) or group.user_set.add(user)

  • Remove a user from a user group: user.groups.remove(group) or group.user_set.remove(user)

  • User exits all user groups: user.groups.clear()

  • All users in a user group exit the group: group.user_set.clear()

2. Django's permission system auth module — Permission model

Django’s Auth system provides model-level permissions that check if a user has add, change, or delete permissions on a table.

The Auth system cannot provide object-level permission control, that is, it cannot check whether a user has permission to add, modify, or delete one particular record in a table. Use django-guardian if you need object-level permission control. Suppose the blog system has an Article table for managing posts: Auth can check whether a user has administrative rights over all posts, but not over a single post.

Look at the auth_permission table in the database: it contains the permissions for every table that has been created (you will notice that each permission name is built from the name of its model class).

Knowledge depot:

  1. Each model has add, change, and delete permissions by default. The django.contrib.auth.models.Permission model stores all permissions in the project.

  2. This model is stored in the database as the auth_permission table. Each permission has four fields: id, name, content_type_id, and codename.

① Check user permissions:

The user.has_perm method is used to check whether a user has permission to operate on a model:

user.has_perm('blog.add_article')
user.has_perm('blog.change_article')
user.has_perm('blog.delete_article')

  • The above statement checks if the user has permission to add to the Article model in the blog app, and returns True if the user has permission.

  • has_perm only performs the check: even if the user does not have the permission, it does nothing beyond returning False, so the calling code must act on the result.

② permission_required decorator

The permission_required decorator can replace has_perm and redirect the user to the login page or throw an exception if the user does not have the appropriate permissions.

Usage: @permission_required('appname.codename'). Setting a permission on the add view for blogs in the app named blog:

from django.contrib.auth.decorators import permission_required

# Require this permission for the view: every user except a superuser is denied
# unless the permission has been granted. Any of the four permissions can be set this way.
@permission_required('blog.add_blogmodel')
def add_get_post(request):
    ...

In this way, only users with this permission can access the front-end page served by the view function (note: a superuser has all permissions).

A normal user without the permission is denied even when logged in, and is automatically redirected to the page configured in settings.py for users without sufficient permissions (here, the login page).

③ Managing user rights — Single user management && Group management:

The first one: single-user management!

User and Permission are associated by the many-to-many field user.user_permissions, which is maintained in the database by the auth_user_user_permissions table.

  • Add permission: user.user_permissions.add(permission)

  • Delete permission: user.user_permissions.remove(permission)

  • Clear permissions: user.user_permissions.clear()

Practical use – Add permissions to specified users (directly from the blog example above):

You can see from the auth_permission table that adding a permission to a given user is a many-to-many operation involving the auth_user table, the auth_permission table, and the intermediate table auth_user_user_permissions. That is, you create a relationship between the specified user and the permission (a row in the many-to-many table).

① Note: import the permission table!

② For convenience, do the operation directly in a view:

③ Now if you visit the blog add page while logged in as the ordinary user (ID: 1), you will find that you can access it, which means we have successfully granted the add permission to this ordinary user!

Second: group management!

A user has the permissions of every user group they belong to, so managing permissions through user groups is more convenient. Group has a many-to-many field, permissions, which is maintained in the database by the auth_group_permissions table.

  • Add permission: group.permissions.add(permission)

  • Delete permission: group.permissions.remove(permission)

  • Clear permissions: group.permissions.clear()

Practical use – Add permissions to groups (directly from the blog example above):

How to understand this? Adding permissions to a few users one by one is manageable, but doing it for many users is tedious, which is why permissions can be added to groups. We can give the delete permission to one group, the view permission to another, and so on. If dozens of users need the view permission, just put them all into the view-permission group! Changing or upgrading a user's permissions later is also very convenient this way.

Structure of group information table:

① Note: import the group information table

② Create a group, following the structure of the group information table:

③ Add permissions to the newly created group:

④ Add a user to the group that now has the permission:

⑤ Now if you visit the blog add page while logged in as the ordinary user (ID: 3), you will find that you can access it, which means we have successfully granted the add permission to this ordinary user!
