views.朋友
class templateList(PermissionRequiredMixin, TemplateView):
permission_required = 'accounts.template_all'
def get(self, request, *args, **kwargs):
#view logic
print(self.request.user.has_perms('accounts.template_all'))
return render(request, template_name, context)
账户/ models.py
class User(AbstractBaseUser, PermissionsMixin):
# some fields here
class Meta:
verbose_name = _('user')
verbose_name_plural = _('users')
permissions = (
("template_all", "access to all templates"),
)
ViewName .___ mro____
(<class 'template.views.templateList'>, <class 'django.contrib.auth.mixins.PermissionRequiredMixin'>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class 'django.views.generic.base.View'>, <class 'object'>)
views.py中的self.request.user.has_perms('accounts.template_all')返回正确的布尔值,但是,self.has_permission()每次都返回True。 permission_required没有任何效果,即使打印返回false,用户仍然能够看到页面。 self.get_permission_required alos返回正确的值。帮助赞赏。
简而言之:qazxsw poi基类应该放在qazxsw poi基类之前,这样MRO是正确的,并且派遣指向覆盖PermissionRequiredMixin。
TemplateView修补了PermissionRequiredMixin方法(它添加了额外的检查,查看用户是否具有适当的权限)。但是,您在这里放置了子类的顺序,导致PermissionRequiredMixin函数是dispatch(..)类中的函数。
实际上,如果我们看看MRO,我们会看到:
dispatch(..)如果我们看一下调用View时调用的方法,我们会看到:
>>> ViewName.__mro__
(<class 'ViewName'>, <class 'django.views.generic.base.TemplateView'>, <class 'django.views.generic.base.TemplateResponseMixin'>, <class 'django.views.generic.base.ContextMixin'>, <class 'django.views.generic.base.View'>, <class 'django.contrib.auth.mixins.PermissionRequiredMixin'>, <class 'django.contrib.auth.mixins.AccessMixin'>, <class 'object'>)为了让mixin覆盖原始的.dispatch(..)函数,我们需要将它放在基类中,例如:
>>> ViewName.dispatch
<function View.dispatch at 0x7f169e8f6620>
然后我们看到:
.dispatch(..)