How to serve files only to an is_staff user?

I would like to know how to serve files only to staff users (that is only when is_staff=True).


If you are using Apache 2.2, then consider a location like this example:

<Location /example/>
    AuthType Basic
    AuthName "example.com"
    AuthUserFile /dev/null
    AuthBasicAuthoritative Off
    Require valid-user

    SetEnv DJANGO_SETTINGS_MODULE mysite.settings
    PythonAuthenHandler django.contrib.auth.handlers.modpython
</Location>

By default, the authentication handler will limit access to the /example/ location to users marked as staff members. You can use a set of PythonOption directives to modify this behavior:

DjangoRequireStaffStatus: If set to on, only "staff" users (i.e. those with the is_staff flag set) will be allowed.

DjangoRequireSuperuserStatus: If set to on, only superusers (i.e. those with the is_superuser flag set) will be allowed. Defaults to off.

DjangoPermissionName: The name of a permission to require for access. By default no specific permission will be required.


If you mean dynamic content generated by Django, read on. Else, for static files, go with the http server config solution described in the other answer.

You can set a fine-grained control at the view level using a decorator:

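from django.contrib.auth.decorators import user_passes_test

# Users who fail the test are redirected to the login page.
@user_passes_test(lambda u: u.is_staff)
def my_view(request):
    ...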

More info at http://docs.djangoproject.com/en/dev/topics/auth/#django.contrib.auth.decorators.user_passes_test

If you want to make a generalised use of this you may do:

staff_only = user_passes_test(lambda u: u.is_staff)

...and include this in your url configuration:

urlpatterns = patterns('',
    url(r'^url1/$',
        staff_only(views.my_view1),
        name='myapp_myview1'),
    url(r'^url2/$',
        staff_only(views.my_view2),
        name='myapp_myview2'),
    # ...etc.
)
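
Added example (not part of either answer above): one way to apply the decorator approach to the original question, a view that streams files from a protected directory to staff users only and refuses any requested name that resolves outside that directory. The names is_staff_user, resolve_protected, make_staff_file_view and the rel_path URL parameter are hypothetical; the predicate also checks is_active, as Django's own staff_member_required does, which goes beyond the lambda shown in the answer.

```python
import os


def is_staff_user(user):
    """Predicate for user_passes_test: an active account with is_staff set."""
    return bool(getattr(user, "is_active", False)
                and getattr(user, "is_staff", False))


def resolve_protected(root, rel_path):
    """Map a URL-supplied relative path to a regular file inside root.

    Returns the absolute path, or None when the file is missing or the name
    resolves outside root (../ sequences, absolute paths, symlinks that
    point elsewhere).
    """
    try:
        root = os.path.realpath(root)
        candidate = os.path.realpath(os.path.join(root, rel_path))
        if os.path.commonpath([root, candidate]) != root:
            return None
    except ValueError:  # embedded NUL byte, or a different drive on Windows
        return None
    return candidate if os.path.isfile(candidate) else None


def make_staff_file_view(root):
    """Build a Django view that serves files under root to staff users only."""
    # Imported here so the two helpers above can be exercised without Django.
    from django.contrib.auth.decorators import user_passes_test
    from django.http import FileResponse, Http404

    @user_passes_test(is_staff_user)
    def staff_file(request, rel_path):
        path = resolve_protected(root, rel_path)
        if path is None:
            # Same response for "missing" and "outside root", so the view
            # does not reveal which paths exist elsewhere on disk.
            raise Http404("No such file")
        return FileResponse(open(path, "rb"), as_attachment=True)

    return staff_file
```

The protected directory must sit outside any location the web server exposes directly (MEDIA_ROOT, STATIC_ROOT or an Apache alias), otherwise the files remain reachable without passing through the view.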
