2

不久前我用 django 做过项目并切换到 rails。我在rails中发现了很多很酷的东西。我需要将一些功能添加回 django 项目。

Are there  Django equivalent of Rails cancan and devise ?
Is there  Django equivalent of Rails scheduler gem?

更新

对于 django 权限框架,我必须在每个视图中指定类似

@permission_required('polls.can_vote')
def my_view

我更喜欢 cancan 的方式,我可以在一个地方管理所有权限

  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.has_role? :admin
      can :manage, :all
    else
      can :manage, :all      
      cannot :users, Swimming::Student
    end   
  end
4

4 回答 4

1

您可以尝试使用 Django 的内置权限框架来代替cancanand devise。它符合您的需求吗?

在使用 Django 时, Celery可能是延迟和调度的最佳选择。有django-celery包将 Celery 与 Django 集成。

于 2013-10-14T17:09:27.303 回答
1

django-cancan是受 Rails cancan 启发的 Django 授权库。

首先,您定义每个用户的能力:

def define_access_rules(user, rules):
    # Anybody can view published articles
    rules.allow('view', Article, published=True)

    if not user.is_authenticated:
        return 

    # ... grant other abilities to logged in user

然后你可以在视图中使用它:

class ArticleDetailView(PermissionRequiredMixin, DetailView):
    def get_queryset():
        # this is how you can retrieve all objects that current user can access
        qs = self.request.ability.queryset_for('view', Article)
        return qs

    def has_permission(self):
        article = self.get_object()
        # this is how you can check if user can access an object
        return self.request.ability.can('view', article)

或在模板中:

{% if ability|can:"change"|subject:article %}
    <a href="{% url 'article_edit' pk=article.id %}">Edit article</a>
{% endif %}
于 2020-11-24T09:02:57.037 回答
1

像 cancan 这样的重新权限。

我正在使用djang-rules,最终结果看起来/功能很像 cancan。

模型/用户.py

class User(AbstractBaseUser, PermissionsMixin):
    # ...
    def has_perm(self, name, obj=None):
        rset = self.__ruleset
        return rset.test_rule(name, self, obj)

    @property
    def __ruleset(self):
        from models.rules import (
            ManagerRuleSet, EmployeeRuleSet, GuestRuleSet
        )

        if self.group.is_manager:
            return ManagerRuleSet(self)
        elif self.group.is_employee:
            return EmployeeRuleSet(self)
        else:
            return GuestRuleSet(self)

模型/规则.py

from rules import RuleSet


class InvalidUser(Exception):
    pass


class BaseRuleSet(RuleSet):
    def __init__(self, user):
        super()


class ManagerRuleSet(BaseRuleSet):
    def __init__(self, user):
        super()
        if user and not user.group.is_owner:
            raise InvalidUser("instantiated OwnerRuleSet with user in {} group",
                                    user.group.name)

        # Calendar permissions (pass appointment or schedule event)
        self.add_rule('calendar.can_view_calendar', rules.always_true)
        self.add_rule('calendar.can_manage_schedule',
                      is_own | has_accepted_invite)

示例视图.py

def index(request, id):
    calendar = Calendar.objects.get(id=id)

    if not request.user.has_perm('calendar.can_manage_schedule', calendar):
        return HttpResponseForbidden()
    # ...
于 2018-04-09T18:40:45.790 回答
0

Djoser是处理身份验证和密码重置的好包。它是 Django 中设计的替代品

于 2020-01-13T12:37:36.217 回答