限制用户查看Django中基于模型字段值的详细视图
限制用户查看Django中基于模型字段值的详细视图
提问于 2022-11-10 20:40:42
我正在学习并有一个变更管理项目,其中我的模型包含字段confidential (默认情况下是False ),但是在实例创建过程中,所谓的initiator可以将其标记为True。这基本上意味着只有当前记录的一部分(即signees )中的用户才能打开并查看实例。我试图在我的get_queryset上应用DetailView覆盖:
# MOC DetailView
class MocDetailView(LoginRequiredMixin, DetailView):
model = Moc
template_name = 'moc/moc_detail.html'
def get_queryset(self, *args, **kwargs):
qs = super().get_queryset(*args, **kwargs)
for obj in qs:
print(obj)
confidential = obj.confidential
initiator = obj.initiator
coordinators = obj.coordinators.all()
reviewers = obj.reviewers.all()
approvers = obj.approvers.all()
preimplements = obj.preimplements.all()
authorizers = obj.authorizers.all()
postimplements = obj.postimplements.all()
closers = obj.closers.all()
if initiator and initiator == self.request.user and confidential == True:
qs = qs.filter(Q(confidential=True) & Q(initiator=self.request.user))
return qs
for signee in coordinators:
coordinator_name = signee.coordinator_name
if coordinator_name and coordinator_name == self.request.user and confidential == True:
qs = qs.filter(Q(confidential=True) & Q(coordinators__coordinator_name=self.request.user))
return qs
for signee in reviewers:
reviewer_name = signee.reviewer_name
if reviewer_name and reviewer_name == self.request.user and confidential == True:
qs = qs.filter(Q(confidential=True) & Q(reviewers__reviewer_name=self.request.user))
return qs
for signee in approvers:
approver_name = signee.approver_name
if approver_name and approver_name == self.request.user and confidential == True:
qs = qs.filter(Q(confidential=True) & Q(approvers__approver_name=self.request.user))
return qs
for signee in preimplements:
actionee_name = signee.actionee_name
if actionee_name and actionee_name == self.request.user and confidential == True:
qs = qs.filter(Q(confidential=True) & Q(preimplements__actionee_name=self.request.user))
return qs
for signee in authorizers:
authorizer_name = signee.authorizer_name
if authorizer_name and authorizer_name == self.request.user and confidential == True:
qs = qs.filter(Q(confidential=True) & Q(authorizers__authorizer_name=self.request.user))
return qs
for signee in postimplements:
actionee_name = signee.actionee_name
if actionee_name and actionee_name == self.request.user and confidential == True:
qs = qs.filter(Q(confidential=True) & Q(postimplements__actionee_name=self.request.user))
return qs
for signee in closers:
closer_name = signee.closer_name
if closer_name and closer_name == self.request.user and confidential == True:
qs = qs.filter(Q(confidential=True) & Q(closers__closer_name=self.request.user))
return qs这允许用户只允许那些是我的signees的用户,但是如果我的confidential字段是False,他们中没有人能够打开那些模型实例。
有什么地方我在这里引入逻辑允许非机密模型实例的直接打开吗?
感谢你的帮助..。
更新
# MOC model
class Moc(models.Model):
moc_status = FSMField(choices=STATES, default='draft', protected=False)
initiator = models.ForeignKey(User, blank=True, null=True, on_delete=models.CASCADE)
area = models.ForeignKey(Area, related_name='area_moc', blank=True, null=True, on_delete=models.CASCADE)
category = models.ForeignKey(Category, related_name='category_moc', blank=True, null=True, on_delete=models.CASCADE)
confidential = models.BooleanField(default=False)
# Verifier model
class Verifier(models.Model):
moc = models.ForeignKey(Moc, related_name='verifiers', on_delete=models.CASCADE, default='1')
verifier_group = models.CharField(max_length=36, blank=True, null=True)
verifier_name = models.ForeignKey(User, blank=True, null=True, on_delete=models.CASCADE,)
verify_due = models.DateField(blank=True, null=True)
# Coordinator model
class Coordinator(models.Model):
moc = models.ForeignKey(Moc, related_name='coordinators', on_delete=models.CASCADE, default='1')
cooridnator_group = models.CharField(max_length=36, blank=True, null=True)
coordinator_name = models.ForeignKey(User, blank=True, null=True, on_delete=models.CASCADE,)
coordinator_due = models.DateField(blank=True, null=True).因此,上述所有名单所列的受让人.
回答 1
Stack Overflow用户
回答已采纳
发布于 2022-11-12 20:29:41
我通过以下代码修改来解决这个问题:
class MocDetailView(LoginRequiredMixin, DetailView):
model = Moc
template_name = 'moc/moc_detail.html'
context_object_name = 'moc'
def get_object(self, queryset=None):
obj = super(MocDetailView, self).get_object(queryset=queryset)
print(obj)
confidential = obj.confidential
initiator = obj.initiator
# verifiers = obj.verifiers.all()
verifier = obj.verifiers.filter(verifier_name=self.request.user)
print(verifier)
# coordinators = obj.coordinators.all()
coordinator = obj.coordinators.filter(coordinator_name=self.request.user)
print(coordinator)
# reviewers = obj.reviewers.all()
reviewer = obj.reviewers.filter(reviewer_name=self.request.user)
print(reviewer)
# approvers = obj.approvers.all()
approver = obj.approvers.filter(approver_name=self.request.user)
print(approver)
# preimplements = obj.preimplements.all()
preimplement = obj.preimplements.filter(actionee_name=self.request.user)
print(preimplement)
# authorizers = obj.authorizers.all()
authorizer = obj.authorizers.filter(authorizer_name=self.request.user)
print(authorizer)
# postimplements = obj.postimplements.all()
postimplement = obj.postimplements.filter(actionee_name=self.request.user)
print(postimplement)
# closers = obj.closers.all()
closer = obj.closers.filter(closer_name=self.request.user)
print(closer)
if self.request.user.is_superuser or initiator == self.request.user or verifier or coordinator or reviewer or approver or preimplement or authorizer or postimplement or closer and confidential == True:
return obj
elif not confidential:
return obj
else:
raise Http404()页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/74395092
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号