django为基于类的视图添加用户身份验证检查
我的应用程序中有很多基于类的视图。它们中的大多数应该只有经过认证的员工用户才能访问。如何轻松添加用户检查以查看大量基于类的视图 对于standart函数视图,我添加了如下装饰器:django为基于类的视图添加用户身份验证检查,django,django-class-based-views,class-based-views,Django,Django Class Based Views,Class Based Views,我的应用程序中有很多基于类的视图。它们中的大多数应该只有经过认证的员工用户才能访问。如何轻松添加用户检查以查看大量基于类的视图 对于standart函数视图,我添加了如下装饰器: def only_staff_allowed(fn): '''decorator''' def wrapped(request, *args, **kwargs): if request.user.is_staff: return fn(request, *arg
def only_staff_allowed(fn):
'''decorator'''
def wrapped(request, *args, **kwargs):
if request.user.is_staff:
return fn(request, *args, **kwargs)
else:
return HttpResponseRedirect(reverse('moderator:login'))
return wrapped
@only_staff_allowed
def dashboard(request):
''' now accessible only by staff users '''
return render(request, 'moderator/dashboard.html', {})
url(r"^protected/$", login_required(ProtectedView.as_view()), name="protected_view"),
我如何做类似于基于类的视图的事情
class AddressesAddList(ListView):
template_name = 'moderator/addresses/add_list.html'
queryset = Address.objects.filter(need_moderating=True)
paginate_by = 100
我应该添加一些mixin还是重写一些方法?或者我可以装饰一些东西吗?您应该装饰基于类的视图的分派方法。见下文
from django.contrib.auth.decorators import login_required
from django.utils.decorators import method_decorator
from django.views.generic import TemplateView
class ProtectedView(TemplateView):
template_name = 'secret.html'
@method_decorator(login_required)
def dispatch(self, *args, **kwargs):
return super(ProtectedView, self).dispatch(*args, **kwargs)
请参阅文档。您应该装饰基于类视图的分派方法。见下文
from django.contrib.auth.decorators import login_required
from django.utils.decorators import method_decorator
from django.views.generic import TemplateView
class ProtectedView(TemplateView):
template_name = 'secret.html'
@method_decorator(login_required)
def dispatch(self, *args, **kwargs):
return super(ProtectedView, self).dispatch(*args, **kwargs)
请参阅文档。实际上,至少有三种方法可以避免对每个需要登录的视图类的
dispatch
方法进行修饰
如果只有几个这样的视图,则可以在URLconf中使用该装饰器,如下所示:
def only_staff_allowed(fn):
'''decorator'''
def wrapped(request, *args, **kwargs):
if request.user.is_staff:
return fn(request, *args, **kwargs)
else:
return HttpResponseRedirect(reverse('moderator:login'))
return wrapped
@only_staff_allowed
def dashboard(request):
''' now accessible only by staff users '''
return render(request, 'moderator/dashboard.html', {})
url(r"^protected/$", login_required(ProtectedView.as_view()), name="protected_view"),
或者,如果您有更多的视图需要保护,最好使用LoginRequiredMixin
from:
而且,如果您有很多视图需要保护,您应该使用中间件一次性覆盖一堆视图;大致如下:
class RequireLoginMiddleware(object):
"""Requires login for URLs defined in REQUIRED_URLS setting."""
def __init__(self):
self.urls = tuple([re.compile(url) for url in REQUIRED_URLS])
self.require_login_path = getattr(settings, 'LOGIN_URL', '/accounts/login/')
def process_request(self, request):
if not request.user.is_authenticated() and request.path != self.require_login_path:
for url in self.urls:
if url.match(request.path):
return HttpResponseRedirect(u"{0}?next={1}".format(self.require_login_path, request.path))
实际上,至少有三种方法可以避免对每个视图类的
dispatch
方法进行修饰,这些视图类都需要登录
如果只有几个这样的视图,则可以在URLconf中使用该装饰器,如下所示:
def only_staff_allowed(fn):
'''decorator'''
def wrapped(request, *args, **kwargs):
if request.user.is_staff:
return fn(request, *args, **kwargs)
else:
return HttpResponseRedirect(reverse('moderator:login'))
return wrapped
@only_staff_allowed
def dashboard(request):
''' now accessible only by staff users '''
return render(request, 'moderator/dashboard.html', {})
url(r"^protected/$", login_required(ProtectedView.as_view()), name="protected_view"),
或者,如果您有更多的视图需要保护,最好使用LoginRequiredMixin
from:
而且,如果您有很多视图需要保护,您应该使用中间件一次性覆盖一堆视图;大致如下:
class RequireLoginMiddleware(object):
"""Requires login for URLs defined in REQUIRED_URLS setting."""
def __init__(self):
self.urls = tuple([re.compile(url) for url in REQUIRED_URLS])
self.require_login_path = getattr(settings, 'LOGIN_URL', '/accounts/login/')
def process_request(self, request):
if not request.user.is_authenticated() and request.path != self.require_login_path:
for url in self.urls:
if url.match(request.path):
return HttpResponseRedirect(u"{0}?next={1}".format(self.require_login_path, request.path))
您可以使用LoginRequiredMixin。这会将未经身份验证的用户重定向到页面集
从大括号.views导入登录名requiredMixin
类仪表板索引(LoginRequiredMixin,TemplateView):
模板名称='dashboard/index.html'
login_url='action:login'#您必须在其中设置页面,否则将使用默认设置。
raise_异常=False
您可以使用LoginRequiredMixin。这会将未经身份验证的用户重定向到页面集
从大括号.views导入登录名requiredMixin
类仪表板索引(LoginRequiredMixin,TemplateView):
模板名称='dashboard/index.html'
login_url='action:login'#您必须在其中设置页面,否则将使用默认设置。
raise_异常=False