如何使编外用户访问 Django 管理站点?

How to make Django admin site accessed by non-staff user?(如何使编外用户访问 Django 管理站点?)

问题描述

I would like to implement a 2nd admin site which provides a subset of feature of the primary admin site. That's possible and described in the Django docs

However, I would like to limit access on the primary admin site. Some users can access the 2ndary site but not the primary site.

In order to implement that feature, I would like these users not to be in the staff (is_staff=False) and rewrite the AdminSite.has_permission

class SecondaryAdminSite(AdminSite):
    
    def has_permission(self, request):
        if request.user.is_anonymous:
            try:
                username = request.POST['username']
                password = request.POST['password']
            except KeyError:
                return False
            try:
                user = User.objects.get(username = username)
                if user.check_password(password):
                    return user.has_perm('app.change_onlythistable')
                else:
                    return False
            except User.DoesNotExist:
                return False
        else:
            return request.user.has_perm('app.change_onlythistable')

Unfortunately, this approach doesn't work. The user can login but can't see anything in the secondary admin site.

What's wrong with this approach? Any idea how to implement this feature?

Thanks in advance

I think that your approach should now be possible: http://code.djangoproject.com/ticket/14434 (closed 5 weeks ago)

However, the explicit "is_staff" check is still done in two places (apart from the staff_member_required decorator):

• django.contrib.admin.forms.AdminAuthenticationForm.clean()

  On top of "has_permission()" you'd need to provide your non-staff AdminSite with a "login_form" that doesn't do the is_staff check, so could just subclass and adjust clean() accordingly.

• templates/admin/base.html

  would need to be slightly customized. The div with id "user-tools" is only shown for active staff members. I'm assuming that's done because the login form also uses this template, and someone could be logged in as an active non-staff member but still should'nt see those links.

这篇关于如何使编外用户访问 Django 管理站点?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！