django admin 的有效用例?
问题描述
我想建立一个 django 站点,让某些受信任的用户可以编辑他们的个人资料信息.让每个受信任的用户都通过 django 管理界面有意义吗?我只希望他们能够查看和编辑自己的信息(显然).这似乎不符合 django 人定义信任"的方式,尤其是粗体字...
I want to build a django site where a certain group of trusted users can edit their profile information. Does it make sense to have each trusted user go through the django admin interface? I'd only want them to be able to see and edit their own information (obviously). It doesn't seem like this fits the way the django people define "trust", especially the bolded bit...
来自 Django 书,第 18 章:
管理员旨在供以下人员使用你,开发者,信任的人.这不仅仅意味着那些已通过身份验证;"它的意思是Django 假设你的内容编辑可以被信任做正确的事东西.
The admin is designed to be used by people who you, the developer, trust. This doesn’t just mean "people who have been authenticated;" it means that Django assumes that your content editors can be trusted to do the right thing.
这意味着没有批准"编辑内容的过程——如果你相信你的用户,没有人需要批准他们的编辑.这也意味着权限系统,而功能强大,不支持限制基于每个对象的访问.如果你相信某人编辑他们自己的故事,你相信他们不会编辑其他人未经许可.
This means that there’s no "approval" process for editing content — if you trust your users, nobody needs to approve of their edits. It also means that the permission system, while powerful, has no support for limiting access on a per-object basis. If you trust someone to edit their own stories, you trust them not to edit anyone else’s without permission.
这是适合 django 管理模块的用例之一,还是只是为不受信任的用户提供的专用视图?
Is this one of those use cases that fits with django's admin module, or is it just a specialized view for a non-trusted user?
解决方案
不,Django 管理员不适合单个用户配置文件,每个用户都可以查看和编辑所有其他用户配置文件.这更适合需要同时管理所有用户的管理员.
No, the Django admin is not suited for individual user profiles, each user would be able to see, and edit, all other user profiles. This is suited more to an administrator who has to manage all the users at once.
您需要构建的是用户个人资料页面.Django 已经有了一个不错的登录系统,由 django.contrib.auth 模块提供.您可以轻松地将其集成到您的页面中,这正是 Django 管理员用来验证用户的方式.
What you need to build is a user profile page. Django already has a nice login system courtesy of the django.contrib.auth module. You can easily integrate this into your pages, and its exactly what the Django admin uses to authenticate users.
接下来,您必须构建一个简单的页面,根据用户模型公开该特定用户的个人资料信息.这应该相对轻松,因为它只需要一个视图和一个模板,并且模板可以利用 ModelForms.
Next you'll have to build a simple page that exposes that specific user's profile information based on their User model. This should be relatively painless as it will only require one view and one template, and the template can take advantage of ModelForms.
相关文章