Python Django 2.2无法理解如果用户创建了博客文章,如何授权用户编辑或删除该博客文章
这是我第三次问这个问题。我不知道如何只允许创建某篇博客文章的用户编辑或删除该文章。这个博客和其他博客一样:所有用户都可以查看其他用户的博客文章。要创建博客文章,用户必须已登录帐户;编辑和删除博客文章也是如此。但是,我不知道如何根据用户是否是该博客文章的创建者来判断其能否编辑或删除它。我之所以再次发帖,是因为之前发布的问题没有人回答。下面是用于更新/编辑博客文章的模型、视图和 HTML 三个文件。一旦我弄清楚了编辑,删除也就能解决了。我知道 Django 会自动创建添加(add)、更改(change)和删除(delete)权限。不幸的是,即使用户已经登录,更改和删除权限也总是返回 False。这个问题已经困扰我好几天了,三天里已经花了超过 15 个小时。
blog/models.py
from django.db import models
from django.conf import settings
from django.utils import timezone
from django.db.models import Q
# settings.AUTH_USER_MODEL is the "app_label.ModelName" string naming the
# project's user model; it is used below as the ForeignKey target.
User = settings.AUTH_USER_MODEL
class BlogPostQuerySet(models.QuerySet):
    """QuerySet for BlogPost that adds publication and free-text filters."""

    def published(self):
        """Return the posts whose ``publish_date`` is at or before the current time."""
        return self.filter(publish_date__lte=timezone.now())

    def search(self, query):
        """Return the posts where any searched field contains ``query``, ignoring case."""
        # NOTE(review): user__email is one of the matched fields, so the result
        # set reveals whether an author's e-mail address contains the query
        # text. Confirm that is intended wherever this search is exposed.
        searched_fields = (
            "title",
            "content",
            "slug",
            "user__first_name",
            "user__last_name",
            "user__username",
            "user__email",
            "image",
        )
        # OR the per-field conditions together, in the order listed above.
        lookup = Q()
        for field_name in searched_fields:
            lookup |= Q(**{f"{field_name}__icontains": query})
        return self.filter(lookup)
class BlogPostManager(models.Manager):
    """Manager that exposes the BlogPostQuerySet helpers on ``BlogPost.objects``."""

    def get_queryset(self):
        """Return a BlogPostQuerySet bound to this manager's model and database."""
        return BlogPostQuerySet(self.model, using=self._db)

    def published(self):
        """Return the published posts (see BlogPostQuerySet.published)."""
        queryset = self.get_queryset()
        return queryset.published()

    def search(self, query=None):
        """Search the published posts for ``query``; no query gives an empty result.

        Only ``None`` is treated as "no query": an empty string is passed on
        to the search as-is.
        """
        queryset = self.get_queryset()
        if query is not None:
            return queryset.published().search(query)
        return queryset.none()
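class BlogPost(models.Model):  # blogpost_set -> queryset
    """A blog post and the user who created it.

    ``user`` records the author. It is the field an ownership check has to
    compare against ``request.user``; Django's model permissions
    (add/change/delete) apply to the whole model, not to individual rows.
    """

    # Author of the post. SET_NULL with null=True means the post outlives a
    # deleted account with user=None, so ownership checks must not treat a
    # missing author as a match.
    # NOTE(review): default=1 assumes a user with primary key 1 exists and
    # silently attributes posts to it when no user is given -- confirm.
    user = models.ForeignKey(User, default=1, null=True, on_delete=models.SET_NULL)
    image = models.ImageField(upload_to='image/', blank=True, null=True)
    title = models.CharField(max_length=120)
    slug = models.SlugField(unique=True)  # Example: "hello world" -> hello-world
    content = models.TextField(null=True, blank=True)
    # Optional publication time; the field may be left empty.
    publish_date = models.DateTimeField(auto_now=False, auto_now_add=False, null=True, blank=True)
    timestamp = models.DateTimeField(auto_now_add=True)  # set once, on creation
    updated = models.DateTimeField(auto_now=True)  # refreshed on every save

    objects = BlogPostManager()

    class Meta:
        ordering = ['-publish_date', '-updated', '-timestamp']
        # The Meta option is spelled ``permissions``; Django rejects the
        # unknown attribute ``permission`` with a TypeError when the model
        # class is created. This declares an extra codename next to the
        # automatically created ``change_blogpost``; both are model-level and
        # say nothing about who owns a given post. Adding it needs a migration.
        permissions = (
            ("can_change_blogpost", "Can change BlogPost"),
        )

    def get_absolute_url(self):
        """Return the URL path of this post's detail page."""
        return f"/blog/{self.slug}"

    def get_edit_url(self):
        """Return the URL path of this post's edit page."""
        return f"{self.get_absolute_url()}/edit"

    def get_delete_url(self):
        """Return the URL path of this post's delete page."""
        return f"{self.get_absolute_url()}/delete"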
blog/views.py
from django.contrib.auth.decorators import login_required
from django.shortcuts import render, get_object_or_404
from .models import BlogPost
from .forms import BlogPostModelForm
from django.contrib.auth.models import User
def blog_post_list_view(request):
    """Render the post list: published posts, plus the viewer's own posts when logged in."""
    posts = BlogPost.objects.all().published()  # queryset -> list of python objects
    viewer = request.user
    if viewer.is_authenticated:
        # An author also sees their own posts that are not published yet.
        own_posts = BlogPost.objects.filter(user=viewer)
        posts = (posts | own_posts).distinct()
    return render(request, 'blog/list.html', {'object_list': posts})
@login_required
def blog_post_create_view(request):
    """Show the create form and save a valid submission as a post of the logged-in user."""
    form = BlogPostModelForm(request.POST or None, request.FILES or None)
    if form.is_valid():
        new_post = form.save(commit=False)
        # The author is taken from the session user, not from submitted data.
        new_post.user = request.user
        new_post.save()
        # Hand the template a fresh, unbound form after a successful save.
        form = BlogPostModelForm()
    return render(request, 'blog/form.html', {'form': form})
def blog_post_detail_view(request, slug):
    """Render the detail page of the post with the given slug, or respond with 404."""
    # NOTE(review): the lookup is by slug only, with no login and no
    # published() filter, so a post that the list view hides as unpublished
    # is still served to anyone who has its slug -- confirm this is intended.
    post = get_object_or_404(BlogPost, slug=slug)
    return render(request, 'blog/detail.html', {'object': post})
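@login_required
def blog_post_update_view(request, slug):
    """Show and process the edit form for a post owned by the logged-in user.

    The post is looked up by slug AND by owner, so a logged-in user who did
    not create the post gets a 404 instead of being able to edit it.
    @login_required alone only proves that somebody is logged in.
    """
    # Ownership is enforced here, on the server: filtering on user=request.user
    # makes another user's post indistinguishable from a missing one. A post
    # whose author was deleted (user is NULL) matches nobody.
    obj = get_object_or_404(BlogPost, slug=slug, user=request.user)
    # NOTE(review): unlike the create view, request.FILES is not passed, so an
    # uploaded image would not reach the form -- confirm whether that is wanted.
    form = BlogPostModelForm(request.POST or None, instance=obj)
    if form.is_valid():
        form.save()
    context = {
        "form": form,
        "title": f"Update {obj.title}",
    }
    # The update.html template shown with this view also wraps the form in a
    # perms.blog.change_blogpost test. That is a separate, model-level check
    # which only controls whether the form is displayed.
    return render(request, 'blog/update.html', context)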
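@login_required
def blog_post_delete_view(request, slug):
    """Confirm and perform deletion of a post owned by the logged-in user.

    The post is looked up by slug AND by owner, so a logged-in user who did
    not create the post gets a 404 instead of being able to delete it.
    """
    # Ownership is enforced here, on the server: filtering on user=request.user
    # makes another user's post indistinguishable from a missing one.
    obj = get_object_or_404(BlogPost, slug=slug, user=request.user)
    # Deletion happens only on POST; a GET just renders the confirmation page.
    if request.method == "POST":
        obj.delete()
    context = {'object': obj}
    return render(request, 'blog/delete.html', context)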
blog/templates/blog/update.html
<!doctype html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<!-- Bootstrap CSS -->
{# The CDN assets in this file carry integrity= (Subresource Integrity) hashes, so the browser refuses a file whose content does not match. #}
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
{% load static %}
<link rel="stylesheet" type="text/css" href="{% static 'blog/style.css' %}">
<title>New Blog post</title>
</head>
<body>
<div class="parallax5" align="center">
<h1 class="a">UPDATE your Blog page</h1><br>
{# Prints the result of the permission lookup below for the current user. #}
<h1>Perms</h1><br>
{{ perms.blog.change_blogpost }}<br>
{# perms.blog.change_blogpost is Django's model-level "change" permission for blog.BlogPost; it does not depend on which post is being edited or on who created it. #}
{# This test only decides whether the form is rendered. Whether a submitted POST is accepted is decided by the view that handles it. #}
{% if perms.blog.change_blogpost %}
{# action="." submits the form back to the URL of the page itself. #}
<form style="background-color:grey;" method="POST" action=".">
<p>Please only post blogs that are in good taste. You can
update your blog below.</p>
{# CSRF token for the POST form. #}
{% csrf_token %}
{{ form.as_p }}
<button type="submit">Update Blog</button>
</form><br>
{% else %}
<p style="background-color:red;color:white;">You do not have permission to update this blog post</p>
{% endif %}
<a style="background-color:white;font-size:50px;" href="{% url 'list' %}">I'm done!<br>Go back to blog list</a>
</div>
<!-- Optional JavaScript -->
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
</body>
</html>
到目前为止我所尝试的。。。
一切!随便你说什么,我(很可能)都已经知道了。我太累了,太生气了,甚至没法把我试过的所有办法再过一遍。请帮帮我。
我的网站实现了与你要求完全相同的行为,但实现方式完全不同。帖子删除视图如下所示:
class PostDeleteView(LoginRequiredMixin, UserPassesTestMixin, DeleteView):
    """Delete view for Post that only the post's author is allowed through."""

    model = Post
    success_url = '/market'

    def test_func(self):
        """Return True only when the requesting user is the author of the post."""
        # UserPassesTestMixin calls this before the view runs, so the
        # ownership decision is made on the server for every request.
        post = self.get_object()
        return self.request.user == post.author
帖子更新视图:
class PostUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
    """Update view for Post that only the post's author is allowed through."""

    model = Post
    # Only these fields are editable through the form.
    fields = ['title', 'content']

    def form_valid(self, form):
        """Set the author to the requesting user, then save through the parent class."""
        form.instance.author = self.request.user
        return super().form_valid(form)

    def test_func(self):
        """Return True only when the requesting user is the author of the post."""
        # UserPassesTestMixin calls this before the view runs, so the
        # ownership decision is made on the server for every request.
        post = self.get_object()
        return self.request.user == post.author
要使此代码正常工作,您还需要导入以下内容:
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.views.generic import ( ListView, DetailView, CreateView, UpdateView, DeleteView)
我知道,仅仅向你展示我的代码可能无法直接帮到你,但它也许能给你一些思路,有结果请告诉我。坚持住,我知道这有时会让人沮丧,但你会解决它的。

Django 的默认权限是为表级(模型级)访问设计的,所以我不会把这些权限用于行级(对象级)访问。在编辑和删除视图中,我会使用
obj = get_object_or_404(BlogPost, slug=slug, user=request.user)
,这样如果用户不是该博客文章的创建者,他们会得到 404。这一检查必须放在视图(服务器端)中:模板里的 perms 判断只决定是否显示表单,并不能阻止直接提交的 POST 请求。