基于权限的基于类的视图 Django

Question

如果您是成员列表的一部分，如何才能使您只能查看成员列表。 我什至不知道 MemberListView 中的“所需权限”是什么，因为这部分是由我的专家朋友完成的，所以我将其注释掉。 （希望有人也可以分享这是什么，编写基于类的视图超级新手）

基本上，对于我当前的代码，我尝试使它，如果当前登录的用户不属于列表，他们将被重定向。

models.py

class BlogPost(models.Model):
 chief_title                    = models.CharField(max_length=50, null=False, blank=False, unique=True)
 body                   = models.TextField(max_length=5000, null=False, blank=False)
 members    = models.ManyToManyField(settings.AUTH_USER_MODEL, blank=True, related_name="members")
 author                     = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)


class Account(AbstractBaseUser):
 email                  = models.EmailField(verbose_name="email", max_length=60, unique=True)
 username               = models.CharField(max_length=30, unique=True)

views.py

class MemberListView(LoginRequiredMixin,BlogPostMixin, DetailView):
    login_url = 'must_authenticate'    
    template_name = "HomeFeed/membersof_yourpost.html"
    #permission_required = ('blogpost.view_all_blogpost_members')

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        if self.request.user in object.members.all:
            return render('HomeFeed/membersof_yourpost.html', context)
        else:
            return render('HomeFeed/snippets/home.html', context)

模板：

<ul>
    {% for member in object.members.all %}
    <li>{{member.username}}</li>
    {% endfor %}
</ul>

基于 Niespodd 的回答：

class MemberListView(LoginRequiredMixin,BlogPostMixin, DetailView):
    def dispatch(self, request, *args, **kwargs):
        if self.request.user in self.get_object().members.all:
            return redirect('HomeFeed:member_list')

基于 JPG 答案：

class MemberListView(LoginRequiredMixin, UserPassesTestMixin, BlogPostMixin, DetailView):
    login_url = 'must_authenticate'    
    template_name = "HomeFeed/membersof_yourpost.html"

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        if self.request.user in object.members.all:
            return render('HomeFeed/membersof_yourpost.html', context)
        else:
            return render('HomeFeed/snippets/home.html', context)

    def test_func(self):
        post = self.get_object()
        return self.request.user in post.members.objects.all()

Answer 1

permission_required 指的是PermissionRequiredMixin，BlogPostMixin 很可能继承自该PermissionRequiredMixin。它记录在这里：https://docs.djangoproject.com/en/3.1/topics/auth/default/#the-permissionrequiredmixin-mixin

使用PermissionRequiredMixin 的默认实现，用户将获得拒绝访问错误页面。

如果您不熟悉基于类的视图，最简单的解决方案是简单地覆盖 MemberListView 上的 dispatch 方法并在那里检查用户的成员资格。

类似的东西：

class MemberListView( ... ):
    def dispatch( ... ):
        if self.request.user in self.get_object().members.all:
            return redirect( ... )

Answer 2

我宁愿使用UserPassesTestMixin--(doc) 类来处理权限为

from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin


class MemberListView(
    LoginRequiredMixin,
    UserPassesTestMixin,
    BlogPostMixin,
    DetailView
):
    login_url = 'must_authenticate'
    template_name = "HomeFeed/membersof_yourpost.html"

    def test_func(self):
        post = self.get_object()
        return self.request.user in post.members.all()

注意：在这种情况下，您不需要重写 get_context_data() 方法，最重要的是，get_context_data() 方法应该返回一个 dict 喜欢对象

Answer 3

obj.save()
obj.members.add(request.user) #change is here