Django-如果动态url的主键发生更改,请避免错误记录
我正在设计一个应用程序,学生可以通过调查对他们的老师进行评分 该应用程序的基本功能是为每位教师生成一个动态url,例如:Django-如果动态url的主键发生更改,请避免错误记录,django,django-forms,django-views,Django,Django Forms,Django Views,我正在设计一个应用程序,学生可以通过调查对他们的老师进行评分 该应用程序的基本功能是为每位教师生成一个动态url,例如: 迈克老师:mywebsite.com/Teacher/1 布莱恩老师:mywebsite.com/Teacher/2 这些数字与每位教师的主键相对应。学生填写调查,在发送调查时,首先在数据库中验证之前没有发送过答案(以避免重复)。如果之前已经保存了答案,则会显示一个页面,上面写着这一点 一切正常,但如果用户(学生)执行奇怪的操作,则会出现问题。例如,当学生评分时,教师Mi
- 迈克老师:mywebsite.com/Teacher/1
- 布莱恩老师:mywebsite.com/Teacher/2
def send(request, user_pk):
if not request.user.is_authenticated:
return HttpResponseRedirect('/accounts/login/')
else:
#first look for the record not to exist in the DB to avoid duplicate records
exist = Answers.objects.filter(name= request.user, teacher= user_pk ).exists()
# if there is not then I proceed to create the record in the database
if exist == False:
for key, value in request.POST.items():
if clave != 'csrfmiddlewaretoken':
Answers.objects.create(question=int(clave), answer_to_question=int(valor), student = request.user,teacher = int(user_pk))
#then I change a record in the table of my DB where the finished evaluations are stored, from false to true.
actual_state= State.objects.get(student__name = request.user, teacher = user_pk)
actual_state.finished_evaluation = True
actual_state.save()
return render(request,"myapp\send.html")
else:
return render(request,"myapp\error.html")
与其担心用户更改URL,我建议您添加一个检查,确保用户可以为该老师提交答案 例如,如果
教师多对多用户from django.contrib.auth.decorators import login_required
from django.shortcuts import get_object_or_404
@login_required
def send(request, user_pk):
teacher = get_object_or_404(Teacher, students=request.user)
exist = Answers.objects.filter(name= request.user, teacher=teacher).exists()
注意:我使用了上面的
login\u required/teacher/1//teacher/2/hashlib.sha256(f'{student.id}{teacher.id}{settings.SECRET\u KEY}.decode()).hexdigest()miweb/teacher/1miweb/teacher/3miweb/teacher/rate/1miweb/teacher/rate/3www.website.comwww.website.com/teacher/1sendwww.website.com/teacher/1/rates