与Django权限系统混淆

Question

Django附带了一个简单的权限系统。它提供了一种为特定用户和用户组分配权限的方法。像这样：＆＃39; app_lable.model_name＆＃39;。这对django管理员来说可能很方便，但我认为当我用它来控制人们可以用它做什么时会很困难。

例如，如果我想控制某个用户是否可以发表评论或查看我网站的某些部分内容。我必须为他配置一个权限组，但为什么不添加像can_post或can_view_certain_portion这样的用户属性？它似乎更直观。 那么谁能帮助我理解这些事情呢？提前谢谢。

Answer 1

The reason to keep permissions in a separate model is to leverage groups.

So if you needed to change the permissions on many users at once you could simply update the permissions of the group they are assigned to.

Also since users can belong to more than one group you have more flexibility for customizating permissions per user.

Keep in mind vanilla django permissions are model based so if you need to limit changing only certain fields to different users you will need something more robust like django-guardian.