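I am trying to override get_queryset based on the object permissions a user has from django-guardian, so that only the objects the user has permission to access are visible.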

def get_queryset(self, request):
    if request.user.is_superuser:
        qs = super(MyAdminInline, self).get_queryset(request)
        return qs  

    for item in MyModel.objects.all():
        for perm in get_perms(request.user, item):
            things_user_can_see = get_objects_for_user(request.user, perm)
            return things_user_can_see

Sadly, this actually does nothing, and all items are visible regardless of which permissions the user has.

1 Answer

Firstly, you need to understand what permissions are required for your view. Then fetch objects according to those permissions.

If you don't know the permissions for an object, then you can filter your objects by all permissions related to the model.

Docs for fetching:

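from django.contrib import admin
from guardian.shortcuts import get_objects_for_user, get_perms_for_model

class MyAdminInline(admin.TabularInline):  # base class assumed; the original snippet omitted it
    def get_queryset(self, request):
        qs = super(MyAdminInline, self).get_queryset(request)
        if request.user.is_superuser:
            return qs

        # get_perms_for_model() returns Permission objects, while
        # get_objects_for_user() expects permission codenames (strings).
        all_model_perms = [perm.codename for perm in get_perms_for_model(MyModel)]
        # By default the user must hold every listed permission on an object;
        # pass any_perm=True to accept any one of them.
        # klass=qs resolves the content type and keeps the inline's own filtering.
        return get_objects_for_user(request.user, all_model_perms, klass=qs)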

And that's all! Without looping over every single object, checking permissions and returning the wrong way.

Answered 2018-03-04T14:32:58.610