I've got some issue with user permissions in Django. I added some permissions for the Magasin model as shown below:
我对Django的用户权限有一些问题。我为Magasin模型添加了一些权限,如下所示:
add_magasin=Permission.objects.get(codename="add_magasin")
change_magasin=Permission.objects.get(codename="change_magasin")
delete_magasin=Permission.objects.get(codename="delete_magasin")
user.user_permissions.add(add_magasin)
user.user_permissions.add(change_magasin)
user.user_permissions.add(delete_magasin)
user.save()
then when I check the permission I get:
然后当我检查我得到的许可:
In [100]: user.has_perm(delete_magasin)
Out[100]: False
In [101]: user.has_perm(add_magasin)
Out[101]: False
In [102]: user.has_perm(change_magasin)
Out[102]: False
and in the admin, connected with the same user, I can add a Magasin instance, but not delete one ("Permission denied"). I can't even delete a Magasin instance with the superuser.
在admin中,连接到同一个用户,我可以添加一个Magasin实例,但是不能删除一个(“权限被拒绝”)。我甚至不能删除超级用户的Magasin实例。
I'm using Django 1.3 and I'm not using any external permission-related app...
我使用的是Django 1.3,我没有使用任何与许可相关的外部应用程序……
EDIT: sql queries
编辑:sql查询
mysql> select * from django_content_type;
+----+-----------------------+--------------+------------------+
| id | name | app_label | model |
+----+-----------------------+--------------+------------------+
***more stuff***
| 9 | magasin | securite_v2 | magasin |
***more stuff***
mysql> select * from auth_permission;
+----+----------------------------------+-----------------+-------------------------+
| id | name | content_type_id | codename |
+----+----------------------------------+-----------------+-------------------------+
***more stuff***
| 25 | Can add magasin | 9 | add_magasin |
| 26 | Can change magasin | 9 | change_magasin |
| 27 | Can delete magasin | 9 | delete_magasin |
***more stuff***
mysql> select * from auth_user where id=135;
+-----+---------------+------------+-----------+-------------------------------+-----------------------------------------------------+----------+-----------+--------------+---------------------+---------------------+
| id | username | first_name | last_name | email | password | is_staff | is_active | is_superuser | last_login | date_joined |
+-----+---------------+------------+-----------+-------------------------------+-----------------------------------------------------+----------+-----------+--------------+---------------------+---------------------+
| 135 | admingrandest | | | admingrandest@xxx.com | sha1$14f21$02a50f37be16f27aba3f677618b663edfb0ce5a7 | 1 | 1 | 0 | 2012-06-25 11:16:35 | 2012-06-22 16:42:46 |
+-----+---------------+------------+-----------+-------------------------------+-----------------------------------------------------+----------+-----------+--------------+---------------------+---------------------+
mysql> select * from auth_user_user_permissions;
+----+---------+---------------+
| id | user_id | permission_id |
+----+---------+---------------+
| 1 | 135 | 25 |
| 2 | 135 | 26 |
| 3 | 135 | 27 |
***more stuff***
What could be wrong?
可能是错的呢?
2 个解决方案
#1
2
The first argument of User.has_perm() have to be a string in <app label>.<permission codename> format. In you're code you're passing Permission instance as first argument, which get's evaluated to <app_label> | <content_type> | <name>, so has_perm will always return False.
User.has_perm()的第一个参数必须是
Instead use user.has_perm("<yourapp>.delete_magasin")
而不是使用user.has_perm(“< yourapp > .delete_magasin”)
#2
0
It seems it has to do with file permissions, not Django user permissions.
它似乎与文件权限有关,而不是Django用户权限。
#1
2
The first argument of User.has_perm() have to be a string in <app label>.<permission codename> format. In you're code you're passing Permission instance as first argument, which get's evaluated to <app_label> | <content_type> | <name>, so has_perm will always return False.
User.has_perm()的第一个参数必须是
Instead use user.has_perm("<yourapp>.delete_magasin")
而不是使用user.has_perm(“< yourapp > .delete_magasin”)
#2
0
It seems it has to do with file permissions, not Django user permissions.
它似乎与文件权限有关,而不是Django用户权限。