Python: How to restrict users from viewing/modifying objects created by other users with Django
I am working on a hobby project with Django that stores my ideas, separated into idea groups, as follows:
from django.contrib.auth.models import User
from django.db import models

class Idea(models.Model):
    name = models.CharField(unique=True, max_length=50)
    description = models.TextField()
    in_process = models.BooleanField()
    is_done = models.BooleanField()
    # String reference, because Group is defined below this class
    group = models.ForeignKey('Group', on_delete=models.CASCADE, blank=False)

class Group(models.Model):
    name = models.CharField(unique=True, max_length=25)
    description = models.CharField(max_length=50, blank=True)
    # The user who created (owns) this group
    user = models.ForeignKey(User, on_delete=models.CASCADE, blank=False)
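Is there any way to restrict the currently logged-in user from viewing or modifying ideas and idea groups created by other users, using class-based generic views?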
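from django.contrib.auth.mixins import LoginRequiredMixin
from django.urls import reverse_lazy
from django.views import generic

class GroupDelete(LoginRequiredMixin, generic.DeleteView):
    model = Group
    pk_url_kwarg = "id"
    success_url = reverse_lazy('ideas:list')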
...and the URL, for example:
from django.urls import path
from . import views

urlpatterns = [
    path('<int:id>/delete', views.GroupDelete.as_view(), name='delete'),
]
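I am using Django 2.0.

I suggest writing a custom mixin in which you inherit from LoginRequiredMixin, and then add your own logic to verify that the currently logged-in user (which you can retrieve from request.user) is the user who actually created the Group object.

A simple example looks like this: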
# mixins.py
from django.contrib.auth.mixins import LoginRequiredMixin
from django.http import HttpResponseNotFound, HttpResponseRedirect

class YourCustomMixin(LoginRequiredMixin):
    def dispatch(self, request, *args, **kwargs):
        can_access = ...  # logic to check if user can access Group
        disp = super().dispatch(request, *args, **kwargs)
        # A redirect here means the user was sent to the login page
        if not isinstance(disp, HttpResponseRedirect) and not can_access:
            return HttpResponseNotFound()
        return disp
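Once you have the value of the can_access flag, you call the dispatch method of LoginRequiredMixin, check whether the result of that call is a redirect (to the login page), check it against the can_access flag, and then return either HttpResponseNotFound() or the original disp result.

Of course, you can also return HttpResponseForbidden() instead of HttpResponseNotFound().

You can then use it in your views, for example: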
from django.views import generic
from your_app.mixins import YourCustomMixin

class GroupDelete(YourCustomMixin, generic.DeleteView):
    ...