django admin 后台权限管理设置

设置用户的权限主要通过修改auth_user表的各字段来实现：

(https://docs.djangoproject.com/en/dev/ref/contrib/auth/)

下面是从官方文档中摘录过来的：

User

Fields

class  models. User

User objects have the following fields:

username

Required. 30 characters or fewer. Usernames may contain alphanumeric, _, @, +, . and - characters.

first_name

Optional. 30 characters or fewer.

last_name

Optional. 30 characters or fewer.

email

Optional. Email address.

password

Required. A hash of, and metadata about, the password. (Django doesn’t store the raw password.) Raw passwords can be arbitrarily long and can contain any character. See the password documentation.

groups

Many-to-many relationship to Group

user_permissions

Many-to-many relationship to Permission

is_staff [] [指定哪些用户可以访问admin的后台管理权限，如果为假，在登陆后台时会提示密码错误
但是不一定有操作的权限，此属性为真并且is_superuser为真的时候才能修改或添加别的用户]

Boolean. Designates whether this user can access the admin site.

is_active [如果为假，在登录管理界面时也会提示密码不正确]

Boolean. Designates whether this user account should be considered active. We recommend that you set this flag toFalse instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break.

This doesn’t necessarily control whether or not the user can log in. Authentication backends aren’t required to check for the is_active flag, and the default backends do not. If you want to reject a login based on is_active being False, it’s up to you to check that in your own login view or a custom authentication backend. However, the AuthenticationForm used by thelogin() view (which is the default) does perform this check, as do the permission-checking methods such as has_perm() and the authentication in the Django admin. All of those functions/methods will return False for inactive users.

is_superuser

Boolean. Designates that this user has all permissions without explicitly assigning them.

last_login

A datetime of the user’s last login. Is set to the current date/time by default.

date_joined ¶

A datetime designating when the account was created. Is set to the current date/time by default when the account is created.

相应的方法：

class  models. User

get_username()

Returns the username for the user. Since the User model can be swapped out, you should use this method instead of referencing the username attribute directly.

is_anonymous()

Always returns False. This is a way of differentiating User and AnonymousUser objects. Generally, you should prefer usingis_authenticated() to this method.

is_authenticated()

Always returns True (as opposed to AnonymousUser.is_authenticated() which always returns False). This is a way to tell if the user has been authenticated. This does not imply any permissions, and doesn’t check if the user is active or has a valid session. Even though normally you will call this method on request.user to find out whether it has been populated by theAuthenticationMiddleware (representing the currently logged-in user), you should know this method returns True for any Userinstance.

get_full_name()

Returns the first_name plus the last_name, with a space in between.

get_short_name()

Returns the first_name.

set_password( raw_password)

Sets the user’s password to the given raw string, taking care of the password hashing. Doesn’t save the User object.

When the raw_password is None, the password will be set to an unusable password, as if set_unusable_password() were used.

Changed in Django 1.6:

In Django 1.4 and 1.5, a blank string was unintentionally stored as an unusable password.

check_password( raw_password)

Returns True if the given raw string is the correct password for the user. (This takes care of the password hashing in making the comparison.)

Changed in Django 1.6:

In Django 1.4 and 1.5, a blank string was unintentionally considered to be an unusable password, resulting in this method returning False for such a password.

set_unusable_password()

Marks the user as having no password set. This isn’t the same as having a blank string for a password. check_password()for this user will never return True. Doesn’t save the User object.

You may need this if authentication for your application takes place against an existing external source such as an LDAP directory.

has_usable_password()

Returns False if set_unusable_password() has been called for this user.

get_group_permissions( obj=None)

Returns a set of permission strings that the user has, through his/her groups.

If obj is passed in, only returns the group permissions for this specific object.

get_all_permissions( obj=None)

Returns a set of permission strings that the user has, both through group and user permissions.

If obj is passed in, only returns the permissions for this specific object.

has_perm( perm,  obj=None)

Returns True if the user has the specified permission, where perm is in the format "<app label>.<permission codename>". (see documentation on permissions). If the user is inactive, this method will always return False.

If obj is passed in, this method won’t check for a permission for the model, but for this specific object.

has_perms( perm_list,  obj=None)

Returns True if the user has each of the specified permissions, where each perm is in the format"<app label>.<permission codename>". If the user is inactive, this method will always return False.

If obj is passed in, this method won’t check for permissions for the model, but for the specific object.

has_module_perms( package_name)

Returns True if the user has any permissions in the given package (the Django app label). If the user is inactive, this method will always return False.

email_user( subject,  message,  from_email=None,  **kwargs)

Sends an email to the user. If from_email is None, Django uses the DEFAULT_FROM_EMAIL.

Changed in Django Development version:

Any **kwargs are passed to the underlying send_mail() call.