在 Django 中,User、Group 和 Permission 是權限系統的核心組件。下面通過代碼示例演示它們的 CRUD(創建、讀取、更新、刪除)操作:
一、User 模型 CRUD
from django.contrib.auth.models import User

# Create a user. create_user() stores a hash of the password, never the
# plaintext; the literal values here are tutorial samples.
user = User.objects.create_user(
    username='alice',
    email='alice@example.com',
    password='securepassword',
)

# Read users.
user = User.objects.get(username='alice')           # a single user
users = User.objects.all()                          # every user
active_users = User.objects.filter(is_active=True)  # filtered query

# Update a user. is_staff=True lets the account sign in to the admin site,
# so set it only for accounts that need that access.
user.email = 'new_email@example.com'
user.is_staff = True
user.save()

# Delete a user. Django's documentation recommends setting is_active=False
# instead when rows in other tables reference the account.
user.delete()
二、Group 模型 CRUD
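from django.contrib.auth.models import Group, Permission

# Create a group.
group = Group.objects.create(name='編輯組')

# Read groups.
group = Group.objects.get(name='編輯組')
groups = Group.objects.all()

# Update a group.
group.name = '高級編輯組'
group.save()

# Assign permissions to the group; every member inherits them.
# NOTE: codename is unique only together with content_type, so this lookup
# raises MultipleObjectsReturned when two models define the same codename.
# Narrow it by content type when that can happen.
permission = Permission.objects.get(codename='add_post')
group.permissions.add(permission)     # add one permission
group.permissions.remove(permission)  # remove one permission
group.permissions.clear()             # remove every permission

# Delete the group last: after delete() the instance has no primary key, and
# using group.permissions on it raises ValueError.
group.delete()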
三、Permission 模型 CRUD
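from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType
from myapp.models import Article  # assumes Article is one of your models

# Create a custom permission (normally declared in the model's Meta class).
content_type = ContentType.objects.get_for_model(Article)
permission = Permission.objects.create(
    codename='can_publish',
    name='Can publish articles',
    content_type=content_type,
)

# Read permissions. Look up by (content_type, codename): that pair is the
# unique key, while codename alone can match permissions of other models.
permission = Permission.objects.get(
    codename='can_publish',
    content_type=content_type,
)
permissions = Permission.objects.filter(content_type=content_type)

# Update a permission. Only the display name changes; has_perm() checks use
# the codename.
permission.name = 'Can publish and unpublish articles'
permission.save()

# Delete a permission. This also removes it from every group and user that
# held it.
permission.delete()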
四、關聯操作
1. 用戶與組的關聯
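# The original listing fused the group lookup and the first groups.add() call
# onto one line, which is not valid Python; they are separate statements here.
user = User.objects.get(username='alice')
group = Group.objects.get(name='編輯組')

# Membership grants the user every permission assigned to the group, so
# review a group's permissions before adding accounts to it.
user.groups.add(group)     # join the group
user.groups.remove(group)  # leave the group
user.groups.clear()        # leave every group
user.groups.set([group])   # belong to exactly the listed groups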
2. 用戶與權限的直接關聯
# NOTE(review): codename is unique only per content type; this lookup raises
# MultipleObjectsReturned if another model defines 'add_post' as well.
# `user` is presumably the instance fetched in the previous snippet.
permission = Permission.objects.get(codename='add_post')
user.user_permissions.add(permission) # grant the permission directly to the user
user.user_permissions.remove(permission) # revoke that direct grant
# clear() removes direct grants only; permissions inherited from groups remain.
user.user_permissions.clear() # revoke every directly granted permission
五、查詢示例
1. 獲取用戶的所有權限
user = User.objects.get(username='alice')
# The result combines direct grants and grants inherited from groups, as
# '<app_label>.<codename>' strings.
all_permissions = user.get_all_permissions() # returns a set of permission strings
2. 檢查用戶是否有某個權限
# has_perm() takes '<app_label>.<codename>'. An active superuser gets True for
# every permission, and with the default backend an inactive user gets False.
# Permissions are cached on the user object after the first check, so fetch
# the user again after changing its permissions or groups.
message = "用戶有權限" if user.has_perm('myapp.add_article') else "用戶無權限"
print(message)
3. 獲取組的所有成員
group = Group.objects.get(name='編輯組')
# user_set is the reverse accessor of User.groups: every user in this group.
users_in_group = group.user_set.all()
六、特殊操作
1. 創建超級用戶
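# Method 1: create it from the command line (a shell command, not Python):
#     python manage.py createsuperuser
#
# Method 2: create it in code.
# create_superuser() sets is_staff and is_superuser to True, so the account
# passes every has_perm() check. The password is read from the environment
# rather than written into source; DJANGO_SUPERUSER_PASSWORD is the variable
# that `createsuperuser --noinput` reads as well.
import os

User.objects.create_superuser(
    username='admin',
    email='admin@example.com',
    password=os.environ['DJANGO_SUPERUSER_PASSWORD'],
)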
2. 修改用戶密碼
user = User.objects.get(username='alice')
# set_password() hashes the value and updates the instance only; save() is
# what persists it. Never assign a plaintext value to user.password.
# It does not run the configured password validators; call
# django.contrib.auth.password_validation.validate_password() first when the
# new password comes from a user.
user.set_password('new_secure_password')
user.save()
七、模型關系圖
# 權限與角色(組)相關聯,用戶通過成為適當角色(組)的成員而得到這些角色(組)的權限
# 極大的簡化了權限的管理(相互依賴)
# Django的Auth組件(app)采用的認證規則就是RBAC
    1 User表:存用戶信息
    2 Permission表:存權限
    3 Role表:存角色(組)
    4 Group_Role中間表:權限賦予角色(多對多)
    5 User_Group中間表:角色賦予用戶(多對多)
    6 User_Permission中間表:權限臨時賦予角色(多對多)
'''
ps:
    1 Django后臺管理admin自帶RBAC
'''
八、手動實現一下關聯關系
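# Model base classes live in django.db, and timezone.now comes from
# django.utils; datetime.timezone has no now().
from django.db import models
from django.utils import timezone


# These classes sketch how the auth tables relate to each other. They carry
# none of the password hashing or permission checks of django.contrib.auth,
# so real projects should use the built-in models or subclass AbstractUser.


class Permission(models.Model):
    """Permission table."""

    name = models.CharField(max_length=255)
    codename = models.CharField(max_length=100)


class Group(models.Model):
    """Group table; linked to Permission through GroupPermission."""

    name = models.CharField(max_length=150)
    permissions = models.ManyToManyField(
        Permission,
        through='GroupPermission',  # explicit intermediate model
        # (foreign key to this model, foreign key to the target model)
        through_fields=('group', 'permission'),
        blank=True,
    )


class User(models.Model):
    """User table; linked to Group and Permission through explicit models."""

    username = models.CharField(max_length=150)
    # Meant to hold a password hash, never plaintext; nothing in this sketch
    # does the hashing.
    password = models.CharField(max_length=128)
    email = models.EmailField(max_length=254)
    first_name = models.CharField(max_length=30, blank=True)  # was misspelled 'fist_name'
    last_name = models.CharField(max_length=150, blank=True)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)
    is_superuser = models.BooleanField(default=False)
    last_login = models.DateTimeField(null=True, blank=True)
    date_joined = models.DateTimeField(null=True, default=timezone.now)
    groups = models.ManyToManyField(
        Group,
        through='UserGroup',  # explicit intermediate model
        through_fields=('user', 'group'),
        blank=True,
    )
    user_permissions = models.ManyToManyField(
        Permission,
        through='UserPermission',  # explicit intermediate model
        through_fields=('user', 'permission'),
        blank=True,
    )


class GroupPermission(models.Model):
    """Group-to-permission link table.

    Group.permissions names this model in `through`, but the original listing
    never defined it.
    """

    group = models.ForeignKey(Group, on_delete=models.CASCADE)
    permission = models.ForeignKey(Permission, on_delete=models.CASCADE)


class UserGroup(models.Model):
    """User-to-group link table."""

    # Named 'user' and 'group' to match through_fields on User.groups; Django
    # adds the '_id' suffix to the column names itself.
    user = models.ForeignKey(User, on_delete=models.CASCADE)
    group = models.ForeignKey(Group, on_delete=models.CASCADE)


class UserPermission(models.Model):
    """User-to-permission link table."""

    # Named to match through_fields on User.user_permissions.
    user = models.ForeignKey(User, on_delete=models.CASCADE)
    permission = models.ForeignKey(Permission, on_delete=models.CASCADE)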
九 自動關聯關系
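# Imported here so the listing runs on its own; timezone must be
# django.utils.timezone, because datetime.timezone has no now().
from django.db import models
from django.utils import timezone


# Same tables as the hand-written version, but Django creates the link tables
# itself because no `through` model is given. As before, this is a sketch of
# the relationships and has none of django.contrib.auth's password hashing.


class Permission(models.Model):
    """Permission table."""

    name = models.CharField(max_length=255)
    codename = models.CharField(max_length=100)


class Group(models.Model):
    """Group table."""

    name = models.CharField(max_length=150)
    permissions = models.ManyToManyField(Permission, blank=True)


class User(models.Model):
    """User table."""

    username = models.CharField(max_length=150)
    # Meant to hold a password hash, never plaintext.
    password = models.CharField(max_length=128)
    email = models.EmailField(max_length=254)
    first_name = models.CharField(max_length=30, blank=True)  # was misspelled 'fist_name'
    last_name = models.CharField(max_length=150, blank=True)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)
    is_superuser = models.BooleanField(default=False)
    last_login = models.DateTimeField(null=True, blank=True)
    date_joined = models.DateTimeField(null=True, default=timezone.now)
    groups = models.ManyToManyField(Group, blank=True)
    user_permissions = models.ManyToManyField(Permission, blank=True)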