Python 设立禁区
我正试图建立一个网站的限制区,只有注册用户才能看到他的个人资料和他的帖子。员工用户可以查看所有用户的个人资料和相关帖子 这是型号。py:Python 设立禁区,python,django,django-views,Python,Django,Django Views,我正试图建立一个网站的限制区,只有注册用户才能看到他的个人资料和他的帖子。员工用户可以查看所有用户的个人资料和相关帖子 这是型号。py: ... from django.contrib.auth.models import User class Post(models.Model): authorized_users = models.ManyToManyField( User, related_name="user_set", defa
...
from django.contrib.auth.models import User
class Post(models.Model):
authorized_users = models.ManyToManyField(
User,
related_name="user_set",
default=1,
)
title = models.CharField(max_length=100)
...
from django.shortcuts import redirect, render, get_object_or_404
from django.contrib.auth.decorators import login_required, permission_required
from django.contrib.auth.models import User
@permission_required('user.is_staff', raise_exception=True)
def listUsers(request):
users_list = User.objects.all()
context = {"users_list": users_list}
template = 'usermanager/users_list.html'
return render(request, template, context)
@permission_required('post.authorized_users=username', raise_exception=True)
def singleUser(request, username):
user_single = get_object_or_404(User, username=username)
context = {"user_single": user_single}
template = 'usermanager/single_user.html'
return render(request, template, context)
def listPost(request):
posts_list = Post.objects.all()
context = {"posts_list": posts_list}
template = 'usermanager/list_post.html'
return render(request, template, context)
def singlePost(request, pk):
post_single = get_object_or_404(Post, pk=pk)
context = {"post_single": post_single}
template = 'usermanager/single_post.html'
return render(request, template, context)
正如您所见,一篇文章可以有多个作者(授权用户)
这是视图。py:
...
from django.contrib.auth.models import User
class Post(models.Model):
authorized_users = models.ManyToManyField(
User,
related_name="user_set",
default=1,
)
title = models.CharField(max_length=100)
...
from django.shortcuts import redirect, render, get_object_or_404
from django.contrib.auth.decorators import login_required, permission_required
from django.contrib.auth.models import User
@permission_required('user.is_staff', raise_exception=True)
def listUsers(request):
users_list = User.objects.all()
context = {"users_list": users_list}
template = 'usermanager/users_list.html'
return render(request, template, context)
@permission_required('post.authorized_users=username', raise_exception=True)
def singleUser(request, username):
user_single = get_object_or_404(User, username=username)
context = {"user_single": user_single}
template = 'usermanager/single_user.html'
return render(request, template, context)
def listPost(request):
posts_list = Post.objects.all()
context = {"posts_list": posts_list}
template = 'usermanager/list_post.html'
return render(request, template, context)
def singlePost(request, pk):
post_single = get_object_or_404(Post, pk=pk)
context = {"post_single": post_single}
template = 'usermanager/single_post.html'
return render(request, template, context)
如果我以职员身份登录,我可以看到用户列表(查看listUsers)和单个用户及其所有帖子(查看singleUser);但是如果我以非工作人员用户身份登录,我会看到消息403禁止。这不是我想看到的,因为我只想看到我的个人资料和帖子
如何解决这个问题?我解决的问题是使用以下方法:
def userProfile(request, username):
if request.user.username == username:
user_details = get_object_or_404(UserProfile, username=username)
elif request.user.is_staff:
user_details = get_object_or_404(UserProfile, username=username)
else:
raise PermissionDenied
context = {
"user_details": user_details,
}
template = 'usermanager/reading/user_profile.html'
return render(request, template, context)
可以对其他视图使用相同的策略。我解决的问题是使用以下方法:
def userProfile(request, username):
if request.user.username == username:
user_details = get_object_or_404(UserProfile, username=username)
elif request.user.is_staff:
user_details = get_object_or_404(UserProfile, username=username)
else:
raise PermissionDenied
context = {
"user_details": user_details,
}
template = 'usermanager/reading/user_profile.html'
return render(request, template, context)
可以对其他视图使用相同的策略。您有
用户。对于单用户
您有用户。对于单用户
您有用户。对于单用户
您有权限
中是否有员工