回答此问题可获得 20 贡献值,回答如果被采纳可获得 50 分。
<p>我有一个名为<code>Showcase</code>的模型,用户使用它来展示项目,还有一个协作模型,用户可以在其中向展示中添加协作者。我正在尝试实现一个案例,其中showcase中的管理员和协作中的用户可以删除该协作</p>
<p>为了更好地解释,在showcase模型中,有一个管理showcase的管理员列表。他们还可以(通过<code>Collaborator</code>模型)向showcase添加协作者。<code>Collaborator</code>有一个用户字段,该字段是为showcase贡献的用户</p>
<p>我希望在添加协作者后,该用户可以删除自己(如果他不想成为showcase的一部分),或者管理员可以删除该协作者(如果他添加了一个错误的用户并想从showcase中删除他)</p>
<p>models.py</p>
<pre><code>class Showcase(models.Model):
title = models.CharField(max_length=50)
description = models.TextField(null=True)
skill_type = models.ForeignKey(Skill, on_delete=models.CASCADE)
user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.DO_NOTHING, related_name="Showcases")
content = models.TextField(null=True)
created_on = models.DateTimeField(auto_now_add=True)
updated_on = models.DateTimeField(auto_now=True)
voters = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name="upvotes")
slug = models.SlugField(max_length=255, unique=True)
administrator = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name="administrators", blank=True)
class Collaborator(models.Model):
post = models.ForeignKey(Showcase, on_delete=models.CASCADE, related_name="collaborated_showcases")
user = models.ForeignKey(settings.AUTH_USER_MODEL,
on_delete=models.CASCADE, related_name="collaborators")
skill = models.ForeignKey(Skill, on_delete=models.CASCADE, null=True, related_name="creative_type")
role = models.TextField(null=True)
created_on = models.DateTimeField(auto_now_add=True)
updated_on = models.DateTimeField(auto_now=True)
</code></pre>
<p>权限.py</p>
<pre><code>class IsUser(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return False
return obj.user == request.user
class IsAdmin(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return False
return request.user.administrators.filter(pk=obj.pk).exists()
</code></pre>
<p>view.py</p>
<pre><code>class CollaboratorDeleteView(APIView):
'''
Allow Administrators to delete a collaborator to a showcase
or allow the collaborator user to be able to delete himself
'''
permission_classes = [IsAdmin]
def delete(self, request, pk):
collaborator = get_object_or_404(Collaborator, pk=pk)
showcase = collaborator.post
try:
self.check_object_permissions(request, showcase)
collaborator.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
except APIException:
return Response(status=status.HTTP_403_FORBIDDEN)
</code></pre>
<p>网址</p>
<pre><code>path("collaborator/<int:pk>/delete/", qv.CollaboratorDeleteView.as_view(), name="collaborator-delete-view"),
</code></pre>
<p>现在我已经能够实现管理员可以删除协作者,但是如何在<code>Collaborator</code>模型中为用户添加另一个权限,以便能够通过该视图删除自己作为协作者</p>