Javascript Django:如果url是由用户手动写入的,则重定向
是否可以限制用户手动放置页面的url 假设我有两个页面——somepage.com/home和someplace.com/other,主页中的某个地方是一个按钮,用于将用户重定向到/other站点。我想确保用户不能通过手动写入其url来访问/other。相反,它应该重定向回主页 是否有一些装饰像登录需要我可以使用?或者我应该使用一些js函数Javascript Django:如果url是由用户手动写入的,则重定向,javascript,html,django,redirect,django-views,Javascript,Html,Django,Redirect,Django Views,是否可以限制用户手动放置页面的url 假设我有两个页面——somepage.com/home和someplace.com/other,主页中的某个地方是一个按钮,用于将用户重定向到/other站点。我想确保用户不能通过手动写入其url来访问/other。相反,它应该重定向回主页 是否有一些装饰像登录需要我可以使用?或者我应该使用一些js函数 提前感谢您提供的任何提示和干杯。尝试使用html的referrer属性,如果用户通过单击您主页中的链接转到其他页面,则使用referrer指向您的主页。但是
提前感谢您提供的任何提示和干杯。尝试使用html的referrer属性,如果用户通过单击您主页中的链接转到其他页面,则使用referrer指向您的主页。但是如果用户手动输入了其他页面链接,那么推荐人将不会指向您的主页 返回值:一个字符串,表示加载当前文档的文档的URL。返回整个URL,包括协议(如http://)。如果当前文档不是通过链接(例如,通过书签)打开的,则返回空字符串 参考: 其他效率不高的解决方案:
尝试使用html的referer属性,如果用户通过单击主页中的链接转到其他页面,则referer指向您的主页。但是如果用户手动输入了其他页面链接,那么推荐人将不会指向您的主页 返回值:一个字符串,表示加载当前文档的文档的URL。返回整个URL,包括协议(如http://)。如果当前文档不是通过链接(例如,通过书签)打开的,则返回空字符串 参考: 其他效率不高的解决方案:
您可以构建一个中间件并使用它。 首先,您需要给每个用户一个组或访问该用户的权限。 现在您创建文件acl并创建一组URL名称 acl.py
acl_view_segment_divided = {
"pack_1": [
"url_name_1",
"url_name_2",
.
.
.
],
"pack_2": [
"url_name_3",
"url_name_4",
.
.
.
],
}
acl_view_segment = dict(
user_type_1=list(
acl_view_segment_divided["pack_1"] +
acl_view_segment_divided["pack_2"]
),
user_type_2=list(
acl_view_segment_divided["pack_1"]
),
)
from django.conf import settings
from django.utils.deprecation import MiddlewareMixin
from django.core.urlresolvers import resolve
from acl import acl_view_segment
from django.shortcuts import render
from django.contrib import auth
from apps.main.views import page_permission_denied_view
class ACLMiddleware(MiddlewareMixin):
@staticmethod
def process_view(request, view_func, view_args, view_kwargs):
if not request.user.is_authenticated():
return
current_url = resolve(request.path_info).url_name
if current_url in getattr(settings, 'ACL_EXEMPT_VIEWS', set()):
return
user_type = request.user.user_type
acl = acl_view_segment[user_type]
if current_url not in acl:
return page_permission_denied_view(request)
or
return redirect(home_page)
MIDDLEWARE = [
...
'yourproject.middleware.ACLMiddleware',
]
现在您需要创建middelware文件:
中间件.py
acl_view_segment_divided = {
"pack_1": [
"url_name_1",
"url_name_2",
.
.
.
],
"pack_2": [
"url_name_3",
"url_name_4",
.
.
.
],
}
acl_view_segment = dict(
user_type_1=list(
acl_view_segment_divided["pack_1"] +
acl_view_segment_divided["pack_2"]
),
user_type_2=list(
acl_view_segment_divided["pack_1"]
),
)
from django.conf import settings
from django.utils.deprecation import MiddlewareMixin
from django.core.urlresolvers import resolve
from acl import acl_view_segment
from django.shortcuts import render
from django.contrib import auth
from apps.main.views import page_permission_denied_view
class ACLMiddleware(MiddlewareMixin):
@staticmethod
def process_view(request, view_func, view_args, view_kwargs):
if not request.user.is_authenticated():
return
current_url = resolve(request.path_info).url_name
if current_url in getattr(settings, 'ACL_EXEMPT_VIEWS', set()):
return
user_type = request.user.user_type
acl = acl_view_segment[user_type]
if current_url not in acl:
return page_permission_denied_view(request)
or
return redirect(home_page)
MIDDLEWARE = [
...
'yourproject.middleware.ACLMiddleware',
]
将middelware添加到setting.py
设置.py
acl_view_segment_divided = {
"pack_1": [
"url_name_1",
"url_name_2",
.
.
.
],
"pack_2": [
"url_name_3",
"url_name_4",
.
.
.
],
}
acl_view_segment = dict(
user_type_1=list(
acl_view_segment_divided["pack_1"] +
acl_view_segment_divided["pack_2"]
),
user_type_2=list(
acl_view_segment_divided["pack_1"]
),
)
from django.conf import settings
from django.utils.deprecation import MiddlewareMixin
from django.core.urlresolvers import resolve
from acl import acl_view_segment
from django.shortcuts import render
from django.contrib import auth
from apps.main.views import page_permission_denied_view
class ACLMiddleware(MiddlewareMixin):
@staticmethod
def process_view(request, view_func, view_args, view_kwargs):
if not request.user.is_authenticated():
return
current_url = resolve(request.path_info).url_name
if current_url in getattr(settings, 'ACL_EXEMPT_VIEWS', set()):
return
user_type = request.user.user_type
acl = acl_view_segment[user_type]
if current_url not in acl:
return page_permission_denied_view(request)
or
return redirect(home_page)
MIDDLEWARE = [
...
'yourproject.middleware.ACLMiddleware',
]
如果您有问题,请在评论中提问。我希望您的问题得到解决。您可以构建一个中间件并使用它。 首先,您需要给每个用户一个组或访问该用户的权限。 现在您创建文件acl并创建一组URL名称 acl.py
acl_view_segment_divided = {
"pack_1": [
"url_name_1",
"url_name_2",
.
.
.
],
"pack_2": [
"url_name_3",
"url_name_4",
.
.
.
],
}
acl_view_segment = dict(
user_type_1=list(
acl_view_segment_divided["pack_1"] +
acl_view_segment_divided["pack_2"]
),
user_type_2=list(
acl_view_segment_divided["pack_1"]
),
)
from django.conf import settings
from django.utils.deprecation import MiddlewareMixin
from django.core.urlresolvers import resolve
from acl import acl_view_segment
from django.shortcuts import render
from django.contrib import auth
from apps.main.views import page_permission_denied_view
class ACLMiddleware(MiddlewareMixin):
@staticmethod
def process_view(request, view_func, view_args, view_kwargs):
if not request.user.is_authenticated():
return
current_url = resolve(request.path_info).url_name
if current_url in getattr(settings, 'ACL_EXEMPT_VIEWS', set()):
return
user_type = request.user.user_type
acl = acl_view_segment[user_type]
if current_url not in acl:
return page_permission_denied_view(request)
or
return redirect(home_page)
MIDDLEWARE = [
...
'yourproject.middleware.ACLMiddleware',
]
现在您需要创建middelware文件:
中间件.py
acl_view_segment_divided = {
"pack_1": [
"url_name_1",
"url_name_2",
.
.
.
],
"pack_2": [
"url_name_3",
"url_name_4",
.
.
.
],
}
acl_view_segment = dict(
user_type_1=list(
acl_view_segment_divided["pack_1"] +
acl_view_segment_divided["pack_2"]
),
user_type_2=list(
acl_view_segment_divided["pack_1"]
),
)
from django.conf import settings
from django.utils.deprecation import MiddlewareMixin
from django.core.urlresolvers import resolve
from acl import acl_view_segment
from django.shortcuts import render
from django.contrib import auth
from apps.main.views import page_permission_denied_view
class ACLMiddleware(MiddlewareMixin):
@staticmethod
def process_view(request, view_func, view_args, view_kwargs):
if not request.user.is_authenticated():
return
current_url = resolve(request.path_info).url_name
if current_url in getattr(settings, 'ACL_EXEMPT_VIEWS', set()):
return
user_type = request.user.user_type
acl = acl_view_segment[user_type]
if current_url not in acl:
return page_permission_denied_view(request)
or
return redirect(home_page)
MIDDLEWARE = [
...
'yourproject.middleware.ACLMiddleware',
]
将middelware添加到setting.py
设置.py
acl_view_segment_divided = {
"pack_1": [
"url_name_1",
"url_name_2",
.
.
.
],
"pack_2": [
"url_name_3",
"url_name_4",
.
.
.
],
}
acl_view_segment = dict(
user_type_1=list(
acl_view_segment_divided["pack_1"] +
acl_view_segment_divided["pack_2"]
),
user_type_2=list(
acl_view_segment_divided["pack_1"]
),
)
from django.conf import settings
from django.utils.deprecation import MiddlewareMixin
from django.core.urlresolvers import resolve
from acl import acl_view_segment
from django.shortcuts import render
from django.contrib import auth
from apps.main.views import page_permission_denied_view
class ACLMiddleware(MiddlewareMixin):
@staticmethod
def process_view(request, view_func, view_args, view_kwargs):
if not request.user.is_authenticated():
return
current_url = resolve(request.path_info).url_name
if current_url in getattr(settings, 'ACL_EXEMPT_VIEWS', set()):
return
user_type = request.user.user_type
acl = acl_view_segment[user_type]
if current_url not in acl:
return page_permission_denied_view(request)
or
return redirect(home_page)
MIDDLEWARE = [
...
'yourproject.middleware.ACLMiddleware',
]
如果您有问题,请在评论中提问。我希望您的问题得到解决。我也有类似的想法,但这一安全漏洞使我在此处发布了此问题:)太好了!它看起来正是我想要的。非常感谢。我也有类似的想法,但这个安全漏洞让我在这里发布了这个问题:)太好了!它看起来正是我想要的。非常感谢。我不太明白它是怎么工作的。这个中间件如何知道url是否是手工放置的?我不知道它是如何工作的。这个中间件如何知道url是否是手工放置的?