模型上的Django权限有多自动？

Question

我目前实行的Django

许可模块

这是我的模型：

from django.db import models 


# Create your models here. 
class School(models.Model): 
    name = models.CharField(max_length=100) 
    address = models.TextField() 

    def __unicode__(self): 
     return self.name 


class Teacher(models.Model): 
    school = models.ForeignKey(School) 
    first_name = models.CharField(max_length=50) 
    middle_name = models.CharField(max_length=50) 
    last_name = models.CharField(max_length=50) 

    def name(self): 
     return '{0} {1} {2}'.format(self.first_name, 
            self.middle_name, 
            self.last_name) 

    def __unicode__(self): 
     return self.name() 


class Section(models.Model): 
    """ 
    This model must only be manipulated by its respective teacher 
    """ 

    teacher = models.ForeignKey(Teacher) 
    name = models.CharField(max_length=100) 

    def __unicode__(self): 
     return self.name 


class Student(models.Model): 
    """ 
    This model must only be manipulated by its respective teacher 
    """ 

    section = models.ForeignKey(Section) 
    first_name = models.CharField(max_length=50) 
    middle_name = models.CharField(max_length=50) 
    last_name = models.CharField(max_length=50) 

    def name(self): 
     return '{0} {1} {2}'.format(self.first_name, 
            self.middle_name, 
            self.last_name) 

    def __unicode__(self): 
     return self.name() 


class Subject(models.Model): 
    """ 
    This model must only be manipulated by its respective student 
    """ 

    student = models.ForeignKey(Student) 
    name = models.CharField(max_length=50) 
    code = models.CharField(max_length=50) 

    def __unicode__(self): 
     return self.name 

在我的Django的管理，我创建等基团：

principal # Can change, add and delete Teacher Model 
teacher # Can change, add and delete Student and Section Model 
school_admin # Can change, add and delete School Model 
student # Can change, add and delete Subject Model 

在我的views.py ，我尝试验证并登录用户，然后登录用户，然后创建一个教师组，然后创建一个学校对象，如：

def index(request): 
    template = 'login.html' 
    user = request.user 
    login_form = LoginForm(request.POST or None) 
    context_dict = {'login_form': login_form} 

    if user.is_authenticated(): 
     groups = user.groups 
     print 'User:' 
     print user 
     if groups.filter(name='teacher').exists(): 
      print 'Teachers' 
      # The code below will save even though it is not in its permission 
      School.objects.create(name='DPS', address='Some Address') 
     return HttpResponse("Login") 

    if request.method == 'POST': 
     if login_form.is_valid(): 
      username = login_form.cleaned_data['username'] 
      password = login_form.cleaned_data['password'] 
      # print (login_form.cleaned_data) 
      # user = authenticate(username=username, password=password) 
      user = authenticate(email=username, password=password) 
      if user is not None: 
       if user.is_active: 
        login(request, user) 
        return HttpResponseRedirect('/') 
      else: 
       return HttpResponse("Wrong Username Password") 

    return render(request, template, context_dict) 

学校对象创建了..但是我希望它不会被创建因为登录的用户没有创建学校的对象..我缺少的东西，使我很期待没有做太多的编码许可？或者是否真的必须在视图上手动使用组和权限来设置条件语句？

Answer 1

相信线

School.objects.create(name='DPS', address='Some Address') 

是一个独立的表达。只要它通过了老师过滤器，它就会在代码中执行，因为它不知道上下文或权限。你可以简单地使用条件来实现你想要的。