客户登录后,如果管理员已授予他查看数据的权限,他就能看到这些数据;如果管理员没有授予他权限,则会显示这条消息:"您无权查看此页面"。
但在我这里,无论管理员授予了什么权限,始终显示"您无权查看此页面"这条消息。
from .decorators import unathenticated_user, allowed_users
from django.contrib.auth.models import Group
@login_required(login_url='loginpage')
@allowed_users(allowed_roles=['active', 'staff'])
def adminpage(request):
    """Render the admin site page for a signed-in user in an allowed group.

    Decorators apply outermost first: ``login_required`` sends visitors who
    are not signed in to the ``loginpage`` URL, then ``allowed_users``
    performs the role check.

    NOTE(review): ``allowed_users`` in decorators.py compares these strings
    against the names of the user's Django groups (``request.user.groups``).
    'active' and 'staff' therefore have to exist as groups containing the
    user; the check does not read the ``is_active`` / ``is_staff`` flags on
    the user record.
    """
    template_name = 'Homepage/adminsite.html'
    return render(request, template_name)
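def loginpage(request):
    """Show the admin login form and sign the user in on a valid POST.

    Any non-POST request renders the login form. A POST checks the submitted
    credentials with ``authenticate``; on success the user is bound to the
    session with ``login`` and redirected to the ``adminpage`` URL, otherwise
    the login form is rendered again.
    """
    # Imported here because the file's import block is only partly visible.
    from django.contrib.auth import login

    if request.method == 'POST':
        # .get() keeps a POST that lacks a field from raising a key error
        # (and producing a server error); empty credentials simply fail.
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        user = authenticate(username=username, password=password)
        if user is not None:
            # authenticate() only verifies the credentials. login() is what
            # attaches the user to the session, so that request.user is the
            # real account on later requests and login_required /
            # allowed_users evaluate that account rather than whoever the
            # browser session happened to belong to before.
            login(request, user)
            # Set after login(), which may rotate or flush the session.
            # Display value only: access decisions must use request.user,
            # never this session key.
            request.session['username'] = username
            return redirect('adminpage')
    return render(request, 'Homepage/adminlogin.html')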
这是我的decorators.py
from django.http import HttpResponse
from django.shortcuts import redirect
def unathenticated_user(view_func):
    """Wrap a view so that it only runs for visitors who are not signed in.

    A request whose ``request.user.is_authenticated`` is true is redirected
    to the ``loginpage`` URL name; any other request is passed through to
    ``view_func`` unchanged.
    """
    def wrapper_func(request, *args, **kwargs):
        visitor_is_anonymous = not request.user.is_authenticated
        if visitor_is_anonymous:
            return view_func(request, *args, **kwargs)
        # NOTE(review): if this decorator is ever placed on the login view
        # itself, this redirect points a signed-in user back at the same
        # view. Confirm the intended target.
        return redirect('loginpage')
    return wrapper_func
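def allowed_users(allowed_roles=None):
    """Build a view decorator that admits only members of the given groups.

    Args:
        allowed_roles: Iterable of Django group names. A user is admitted
            when they belong to at least one of them. ``None`` or an empty
            iterable admits nobody.

    Returns:
        A decorator. The decorated view runs for users in an allowed group;
        every other request gets a 403 response with the text
        'You are not authorized to view this page'.

    The check reads ``request.user.groups`` only, so it says nothing about
    whether the user is signed in; ``adminpage`` stacks it beneath
    ``login_required`` for that.
    """
    from functools import wraps

    # Snapshot the roles: avoids the shared mutable default argument and
    # later mutation of the caller's list changing who is admitted.
    roles = tuple(allowed_roles or ())

    def decorator(view_func):
        @wraps(view_func)  # keep the view's name/docstring for URL tooling and logs
        def wrapper_func(request, *args, **kwargs):
            # Test membership across ALL of the user's groups. Looking only
            # at groups.all()[0] depended on unspecified query ordering and
            # rejected users whose allowed group was not returned first.
            if request.user.groups.filter(name__in=roles).exists():
                return view_func(request, *args, **kwargs)
            # Deny by default, with a 403 so clients, proxies and monitoring
            # see a refusal rather than a successful 200 page.
            return HttpResponse(
                'You are not authorized to view this page', status=403
            )
        return wrapper_func
    return decorator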
这是我的管理网站(权限)
这是我的登录名
登录后