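Restricting dashboard users in Django-Oscar (sandbox gateway app)

How do I restrict dashboard users? I have installed the gateway app that ships with the sandbox site, but as far as I can tell, users are just automatically approved for dashboard access. Obviously this is a security issue. I have already blocked unauthenticated users from viewing certain parts of the site, but I need to be able to restrict/approve access to the dashboard.

The way I see it, I will have to write a custom view/form to be able to do this from the dashboard, and have a feed of pending account registrations.

Any pointers would be much appreciated.

Relevant code: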
```python
import logging

from django.views import generic
from django.contrib.auth.models import User
from django.contrib import messages
from django.core.mail import send_mail
from django import http
from django.core.urlresolvers import reverse
from django.template.loader import get_template
from django.template import Context

from apps.gateway import forms
from oscar.apps.customer.forms import generate_username

logger = logging.getLogger('gateway')


class GatewayView(generic.FormView):
    template_name = 'gateway/form.html'
    form_class = forms.GatewayForm

    def form_valid(self, form):
        # Any valid email address submitted to the form gets a staff account.
        real_email = form.cleaned_data['email']
        username = generate_username()
        password = generate_username()
        # The address domain was redacted on the page; example.com is a placeholder.
        email = 'dashboard-user-%s@example.com' % username

        user = self.create_dashboard_user(username, email, password)
        self.send_confirmation_email(real_email, user, password)
        logger.info("Created dashboard user #%d for %s",
                    user.id, real_email)

        messages.success(
            self.request,
            "The credentials for a dashboard user have been sent to %s" % real_email)
        return http.HttpResponseRedirect(reverse('gateway'))

    def create_dashboard_user(self, username, email, password):
        user = User.objects.create_user(username, email, password)
        # is_staff is set unconditionally, with no approval step.
        user.is_staff = True
        user.save()
        return user

    def send_confirmation_email(self, real_email, user, password):
        # The generated credentials are mailed to the address the visitor typed in.
        msg = get_template('gateway/email.txt').render(Context({
            'email': user.email,
            'password': password
        }))
        send_mail('Dashboard access to Oscar sandbox',
                  msg, '[email protected]',
                  [real_email])
```
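https://github.com/django-oscar/django-oscar/blob/master/sites/sandbox/apps/gateway/views.py

This just automatically creates an is_staff user, as long as the email is valid.

One idea I had was to restrict the dashboard pages to users who are already authenticated and flagged as is_staff. It seems clunky –

Have you looked at the relevant [dashboard permissions documentation](http://django-oscar.readthedocs.org/en/latest/ref/apps/dashboard.html?highlight=dashboard)? The bundled sandbox app is [an example site for exploring Oscar](http://django-oscar.readthedocs.org/en/latest/internals/sandbox.html?highlight=sandbox), but it is not suited to every situation. – tutuDajuju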