0

想象一下,您正在使用 django Guardian 进行一些对象级别的限制。

现在我有以下代码;管理员.py

class ControlAdmin(GuardedModelAdmin):
    prepopulated_fields = {"description": ("title",)}
    list_display = ('title', 'description', 'priority')
    search_fields = ('title', 'description')
    ordering = ('-title',)

现在我在数据库中选择了用户 maxdh 没有查看控件的权限,它检查出:

>>> control = Control.objects.first()
>>> checker = ObjectPermissionChecker(maxdh)
>>> checker.has_perm('change_control', control)
False
>>> checker.has_perm('view_control', control)
False

但是,当我转到为控件呈现表格的 html 时,我仍然可以看到该表格:

在此处输入图像描述

html:

    <div class="card-body">
        <div class="card-body">
            {% load django_tables2 %}
            {% render_table controls %}

我错过了什么?

我阅读了文档但无法识别

请帮忙!

4

1 回答 1

0

尝试了以下方法:

    {% load guardian_tags %}
    {% get_obj_perms request.user for Control as "control_perms" %}
    {% if "view_control" in control_perms %}
    <div class="card-body">
        <div class="card-body">
            {% load django_tables2 %}
            {% render_table controls %}
        </div>
    {% endif %}

然而导致

VariableDoesNotExist at /control/control
Failed lookup for key [Control] in [{'True': True, 'False': False, 'None': None}, {}, {}, {'paginator': None, 'page_obj': None, 'is_paginated': False, 'object_list': <SoftDeleteQuerySet [<Control: Go-live approval>]>, 'control_list': <SoftDeleteQuerySet [<Control: Go-live approval>]>, 'filter': <django_filters.filterset.ControlFilterSet object at 0x000002B9C2C8FE08>, 'form': <ControlForm bound=False, valid=False, fields=(title;description;activity;type;frequency;owner;reviewer1;reviewer2;priority;reviewer1_r;reviewer2_r;status;process;risk;bu;application;referencenumber)>, 'view': <app.views.ControlView object at 0x000002B9C2BAA948>, 'table': <django_tables2.tables.ControlAutogeneratedTable object at 0x000002B9C2D3D148>, 'controls': <SoftDeleteQuerySet [<Control: Go-live approval>]>}]
于 2021-07-01T11:13:04.857 回答