解决方案只需要在我的User
模型中添加一个ManyToMany字段来保存已撤销的权限和自定义后端身份验证。
User模型:
revoked_permissions = models.ManyToManyField(Permission, blank=True)
身份验证后端:
from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.models import Permission
class UsersAuthenticationBackend(ModelBackend):
def _get_revoked_perms(self, user_obj):
if user_obj.is_superuser or user_obj.is_admin:
revoked_perms = Permission.objects.none()
elif hasattr(user_obj, 'revoked_permissions'):
revoked_perms = getattr(user_obj, 'revoked_permissions').values_list('content_type__app_label', 'codename')
else:
revoked_perms = Permission.objects.none()
revoked_perms = ["{}.{}".format(perm[0], perm[1]) for perm in revoked_perms]
return revoked_perms
def has_perm(self, user_obj, perm, obj=None):
if not user_obj.is_active:
return False
revoked_perms = self._get_revoked_perms(user_obj)
all_perms = self.get_all_permissions(user_obj)
allowed_perms = [p for p in all_perms if not p in revoked_perms]
return perm in allowed_perms
def has_module_perms(self, user_obj, app_label):
if not user_obj.is_active:
return False
revoked_perms = self._get_revoked_perms(user_obj)
all_perms = self.get_all_permissions(user_obj)
allowed_perms = [p for p in all_perms if not p in revoked_perms]
for perm in allowed_perms:
if perm[:perm.index('.')] == app_label:
return True
return False
Settings.py:
AUTHENTICATION_BACKENDS = [
"apps.users.backends.UsersAuthenticationBackend"
]
使用这个功能,我现在可以设定整体的用户组权限,也可以为特定用户单独撤销权限。