在 Django 中,User、Group 和 Permission 是权限系统的核心组件。下面通过代码示例演示它们的 CRUD(创建、读取、更新、删除) 操作:
一、User 模型 CRUD
python
from django.contrib.auth.models import User
# 创建用户
user = User.objects.create_user(
username='alice',
email='alice@example.com',
password='securepassword'
)
# 读取用户
user = User.objects.get(username='alice') # 获取单个用户
users = User.objects.all() # 获取所有用户
active_users = User.objects.filter(is_active=True) # 过滤查询
# 更新用户
user.email = 'new_email@example.com'
user.is_staff = True
user.save()
# 删除用户
user.delete()二、Group 模型 CRUD
python
from django.contrib.auth.models import Group, Permission
# 创建组
group = Group.objects.create(name='编辑组')
# 读取组
group = Group.objects.get(name='编辑组')
groups = Group.objects.all()
# 更新组
group.name = '高级编辑组'
group.save()
# 删除组
group.delete()
# 为组分配权限
permission = Permission.objects.get(codename='add_post')
group.permissions.add(permission) # 添加单个权限
group.permissions.remove(permission) # 移除单个权限
group.permissions.clear() # 清空所有权限三、Permission 模型 CRUD
python
from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType
from myapp.models import Article # 假设 Article 是你的模型
# 创建自定义权限(通常通过模型的 Meta 类定义)
content_type = ContentType.objects.get_for_model(Article)
permission = Permission.objects.create(
codename='can_publish',
name='Can publish articles',
content_type=content_type
)
# 读取权限
permission = Permission.objects.get(codename='can_publish')
permissions = Permission.objects.filter(content_type=content_type)
# 更新权限
permission.name = 'Can publish and unpublish articles'
permission.save()
# 删除权限
permission.delete()四、关联操作
1. 用户与组的关联
python
user = User.objects.get(username='alice')
group = Group.objects.get(name='编辑组')
user.groups.add(group) # 用户加入组
user.groups.remove(group) # 用户退出组
user.groups.clear() # 用户退出所有组
user.groups.set([group]) # 用户只属于指定组2. 用户与权限的直接关联
python
permission = Permission.objects.get(codename='add_post')
user.user_permissions.add(permission) # 直接为用户分配权限
user.user_permissions.remove(permission) # 移除用户权限
user.user_permissions.clear() # 清空用户所有权限五、查询示例
1. 获取用户的所有权限
python
user = User.objects.get(username='alice')
all_permissions = user.get_all_permissions() # 返回权限字符串集合2. 检查用户是否有某个权限
python
if user.has_perm('myapp.add_article'):
print("用户有权限")
else:
print("用户无权限")3. 获取组的所有成员
python
group = Group.objects.get(name='编辑组')
users_in_group = group.user_set.all()六、特殊操作
1. 创建超级用户
python
# 方法 1:命令行创建
python manage.py createsuperuser
# 方法 2:代码创建
User.objects.create_superuser(
username='admin',
email='admin@example.com',
password='adminpassword'
)2. 修改用户密码
python
user = User.objects.get(username='alice')
user.set_password('new_secure_password')
user.save()七 模型关系图
权限与角色(组)相关联,用户通过称为适当角色(组)的成员而得到这些角色(组)的权限
极大的简化了权限的管理(相互依赖)
Django的Auth组件(app)采用的认证规则就是RBAC
1 User表 :存用户信息
2 Permission表 :存权限
3 Role表 :存角色(组)
4 Group_Role中间表 :权限赋予角色(多对多)
5 User_Group中间表 :角色赋予用户(多对多)
6 User_Permission中间表 :权限临时赋予角色(多对多)
'''
ps:
1 Django后台管理admin自带RBAC
'''
八 手动实现一下关联关系
python
from django import models
from datetime import datetime, timezone
class Permission(models.Model):
"""
权限表
"""
name = models.CharField(max_length=255)
codename = models.CharField(max_length=100)
class Group(models.Model):
"""
分组表
"""
name = models.CharField(max_length=150)
permissions = models.ManyToManyField(
Permission,
through='GroupPermission', # 指定模型
through_fields=('group', 'permission'), # 指定字段
blank=True
)
class User(models.Model):
"""
用户表
"""
username = models.CharField(max_length=150)
password = models.CharField(max_length=128)
email = models.EmailField(max_length=254)
fist_name = models.CharField(max_length=30, blank=True)
last_name = models.CharField(max_length=150, blank=True)
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=False)
is_superuser = models.BooleanField(default=False)
last_login = models.DateTimeField(null=True, blank=True)
date_joined = models.DateTimeField(null=True, default=timezone.now)
groups = models.ManyToManyField(
Group,
through='UserGroup', # 指定模型
through_fields=('user', 'group'), # 指定字段
blank=True
)
user_permissions = models.ManyToManyField(
Permission,
through='UserPermission', # 指定模型
through_fields=('user', 'permission'), # 指定字段
blank=True
)
class UserGroup(models.Model):
"""
用户和分组关系表
"""
user_id = models.ForeignKey(User, on_delete=models.CASCADE)
group_id = models.ForeignKey(Group, on_delete=models.CASCADE)
class UserPermission(models.Model):
"""
用户和权限关系表
"""
user_id = models.ForeignKey(User, on_delete=models.CASCADE)
permission_id = models.ForeignKey(Permission, on_delete=models.CASCADE)九 自动关联关系
python
class Permission(models.Model):
"""
权限表
"""
name = models.CharField(max_length=255)
codename = models.CharField(max_length=100)
class Group(models.Model):
"""
分组表
"""
name = models.CharField(max_length=150)
permissions = models.ManyToManyField(Permission, blank=True)
class User(models.Model):
"""
用户表
"""
username = models.CharField(max_length=150)
password = models.CharField(max_length=128)
email = models.EmailField(max_length=254)
fist_name = models.CharField(max_length=30, blank=True)
last_name = models.CharField(max_length=150, blank=True)
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=False)
is_superuser = models.BooleanField(default=False)
last_login = models.DateTimeField(null=True, blank=True)
date_joined = models.DateTimeField(null=True, default=timezone.now)
groups = models.ManyToManyField(Group, blank=True)
user_permissions = models.ManyToManyField(Permission, blank=True)