Django admin permission configuration (Class-level configuration and field-level configuration)

A common Django admin feature is its permission system, which can be expanded to include low-level permissions. By default, admin can fine-grained control of roles and permissions, but these roles are only applied to the class level: users can modify all articles or only published articles. Only users can modify specific objects. This is often referred to as low-level permissions because they can only modify table rows in a specific database. Comprehensive permissions allow you to modify any records in the table. In the example application, you may only want users to see the articles they have created. 1. create Articleclass Article (models. model): author = models. foreignKey (Employee, verbose_name = 'registrant ') title = models. charField ('title', max_length = 20) times = models. dateTimeField ('release time', auto_now = True) hits = models. integerField ('clicks ', max_length = 1, null = True, blank = True, default = 0) content = models. textField ('content', null = True, blank = True,) comment = models. manyToManyField (Comment, verbose_name = 'comments', null = True, bla Nk = True,) 2. create admin. py, modify class ArticleAdmin (admin. modelAdmin): list_display = ('author', 'title',) readonly_fields = ('comment',) # If the value of 'author' is None, this is a new record that has not been saved. # (You can also check whether change is false, which indicates whether to add a record, # But check whether 'autor' is null to indicate whether to enter a record other than admin ). # Another low-level permission is to restrict the document list to the user who created them. The ModelAdmin class provides a hook program for this purpose-it has a method named queryset (), # This method can determine the default query set returned on any list page. Def save_model (self, request, obj, form, change): if getattr (obj, 'author', None) is None: print obj. author, '----------------- obj. author 'obj. author = request. user obj. last_modified_by = request. user obj. save () def queryset (self, request): qs = super (ArticleAdmin, self ). queryset (request) # If super-user, show all comments if request. user. is_superuser: return qs. filter (author = request. user)