Django基于类的视图UpdateView受限用户
[英]Django Class Based View UpdateView Restricted User
问题描述
I am trying to use a Django UpdateView to display an update form for the user. 
我正在尝试使用Django UpdateView为用户显示更新表单。 https://docs.djangoproject.com/en/1.8/ref/class-based-views/generic-editing/ https://docs.djangoproject.com/zh-CN/1.8/ref/class-based-views/generic-editing/
I only want the user to be able to edit their own form. 我只希望用户能够编辑自己的表单。
How can I filter or restrict the the objects in the model to only show objects belonging to the authenticated user? 如何过滤或限制模型中的对象以仅显示属于已认证用户的对象?
When the user only has one object I can use this: 当用户只有一个对象时,我可以使用此对象:
def get_object(self, queryset=None):
return self.request.user.profile.researcher
However, I now need the user to be able to edit multiple objects. 但是,我现在需要用户能够编辑多个对象。
UPDATE: 更新:
class ExperimentList(ListView): 类ExperimentList(ListView):
model = Experiment
template_name = 'part_finder/experiment_list.html'
def get_queryset(self):
self.researcher = get_object_or_404(Researcher, id=self.args[0])
return Experiment.objects.filter(researcher=self.researcher)
class ExperimentUpdate(UpdateView): 类ExperimentUpdate(UpdateView):
model = Experiment
template_name = 'part_finder/experiment_update.html'
success_url='/part_finder/'
fields = ['name','short_description','long_description','duration', 'city','address', 'url']
def get_queryset(self):
qs = super(ExperimentUpdate, self).get_queryset()
return qs.filter(researcher=self.request.user.profile.researcher)
URL: 网址:
url(r'^experiment/update/(?P<pk>[\w\-]+)/$', login_required(ExperimentUpdate.as_view()), name='update_experiment'),
2 个解决方案
解决方案1
2 已采纳 2015-08-11 03:07:17
UpdateView is only for one object; UpdateView仅用于一个对象。 you'd need to implement a ListView that is filtered for objects belonging to that user, and then provide edit links appropriately. 您需要实现一个针对属于该用户的对象进行过滤的ListView ,然后适当地提供编辑链接。
To prevent someone from simply putting the URL for an edit view explicitly, you can override get_object (as you are doing in your question) and return an appropriate response. 为了防止有人简单地将URL显式地放置在编辑视图中,可以覆盖get_object (就像您在问题中所做的那样)并返回适当的响应。
I have successfully been able to generate the list view and can get the update view to work by passing a PK.
Simply override the get_queryset method: 只需重写get_queryset方法:
def get_queryset(self):
qs = super(ExperimentUpdate, self).get_queryset()
# replace this with whatever makes sense for your application
return qs.filter(user=self.request.user)
If you do the above, then you don't need to override get_object . 如果执行上述操作,则无需覆盖get_object 。
The other (more complicated) option is to use custom form classes in your UpdateView ; 另一个(更复杂的)选项是在UpdateView使用自定义表单类; one for each of the objects - or simply use a normal method-based-view with multiple objects. 每个对象一个-或仅对多个对象使用普通的基于方法的视图。
解决方案2
0 2015-08-11 03:20:25
As the previous answer has indicated, act on the list to show only the elements belonging to the user. 如先前的答案所示,对列表进行操作以仅显示属于用户的元素。 Then in the update view you can limit the queryset which is used to pick the object by overriding 然后,在更新视图中,您可以通过覆盖来限制用于选择对象的查询集
def get_queryset(self):
qs = super(YourUpdateView, self).get_queryset()
return qs.filter(user=self.request.user)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.