我想控制只有超级用户(例如老师)可以访问从UpdateView 继承的页面并将其他人重定向到/404 页面。
我在views.py的班级:
class Edit_news(UpdateView):
model = News
form_class = edit_NewsForm
template_name = "profile/Edit_news.html"
urls.py 中类的 URL:
from django.urls import path
from .views import Edit_news
urlpatterns = [
path("edit-news/<pk>", Edit_news.as_view()),
]
【问题讨论】:
标签: python django django-class-based-views
您可以覆盖 View.dispatch(),这是任何 HTTP 方法的入口点,以首先检查用户。
dispatch(request, *args, **kwargs)视图的视图部分——接受请求参数和参数并返回 HTTP 响应的方法。
默认实现将检查 HTTP 方法并尝试委托给与 HTTP 方法匹配的方法;获取 将被委派给
get(),一个POST 给post(),等等。
class Edit_news(UpdateView):
...
def dispatch(self, request, *args, **kwargs):
if (
request.user.is_superuser
or request.user.has_perm('app.change_news') # If ever you attach permissions to your users
or request.user.email.endswith('@teachers.edu.org') # If the email of teachers are identified by that suffix
or custom_check_user(request.user) # If you have a custom checker
):
return super().dispatch(request, *args, **kwargs)
return HttpResponseForbidden()
...
如果您希望它对 HTTP GET 和 HTTP POST 等有所不同,则改为覆盖 specific method。
class django.views.generic.edit.BaseUpdateView方法
get(request, *args, **kwargs)
post(request, *args, **kwargs)
相关参考:
您也可以尝试UserPassesTestMixin(user_passes_test 的基于类的实现)。
class Edit_news(UserPassesTestMixin, UpdateView): # Some mixins in django-auth is required to be in the leftmost position (though for this mixin, it isn't explicitly stated so probably it is fine if not).
raise_exception = True # To not redirect to the login url and just return 403. For the other settings, see https://docs.djangoproject.com/en/3.2/topics/auth/default/#django.contrib.auth.mixins.AccessMixin
def test_func(self):
return (
self.request.user.is_superuser
or self.request.user.has_perm('app.change_news') # If ever you attach permissions to your users
or self.request.user.email.endswith('@teachers.edu.org') # If the email of teachers are identified by that suffix
or custom_check_user(self.request.user) # If you have a custom checker
)
...
【讨论】: