django - 如何设置django用户权限，一个用户拥有多个权限？

Question

我有以下想法。一名用户可以在多个公司工作。用户在其所在的每个公司中具有不同的权限。 下面的示例不起作用，因为一个用户始终拥有相同的权限。

我应该如何设置我的用户模型，使每个公司的一个用户拥有不同的权限？

这就是我到目前为止所尝试过的:

class User(AbstractUser):
    hourly_wage = models.DecimalField(decimal_places=2, max_digits=6, default=8.50)

    class Meta:
        permissions = (("is_general", "Can add people to his company and see everything"),
                       ("is_captain", "Can add/edit/delete everything"),
                       ("is_staff", "Can add/edit/delete jobs"),
                       ("is_programmer", "Can do what he or she wants to do"))

    def clean(self):
        self.username = self.username.lower()


class Company(models.Model):
    name = models.CharField(max_length=80)
    slug = models.SlugField(unique=True)
    users = models.ManyToManyField(User, related_name="companies")

    class Meta:
        verbose_name_plural = "companies"

Answer 1

您为 ManyToManyField 定义一个模型 多对多关系通过它流动。

所以代替:

+---------+ M      N +-------------+ M      N +------------+
| Company |----------| User        |----------| Permission |
+---------+          +-------------+          +------------+
                     | permissions |
                     +-------------+

我们这样写:

+---------+ 1      N +-------------+ M      1 +------+
| Company |----------| UserCompany |----------| User |
+---------+          +-------------+          +------+
                            | M
                            |
                            | N
                     +------------+
                     | Permission |
                     +------------+

我们可以通过以下方式做到这一点:

from django.contrib.auth.models import Permission

class User(AbstractUser):

    def clean(self):
        self.username = self.username.lower()


class Company(models.Model):
    name = models.CharField(max_length=80)
    slug = models.SlugField(unique=True)
    users = models.ManyToManyField(User, <b>through='app.CompanyUser'</b>, related_name="companies")

    class Meta:
        verbose_name_plural = "companies"


class <b>CompanyUser</b>(models.Model):

    <b>user = models.ForeignKey('app.User', on_delete=models.CASCADE)</b>
    <b>company = models.ForeignKey('app.Company', on_delete=models.CASCADE)</b>
    <b>hourly_wage = models.DecimalField(decimal_places=2, max_digits=6, default=8.50)</b>
    <b>permissions = models.ManyToManyField(Permission, on_delete=models.CASCADE)</b>

您可能希望将其他逻辑转移到通过模型。例如hourly_wage可能也与( User ， Company )对相关，而不特定于 User本身。

因此，您可以向 UserCompany 添加权限与:

someusercompany.permissions.add(some_permission)

然后检查是否有 UserCompany拥有以下权限:

CompanyUser.objects.filter(
    user=some_user,
    company=some_company,
    some_permission=some_permission
).exists()

有关此内容的更多信息，请参阅 documentation about through parameter [django-doc] .