
Django user_passes_test usage

I have a function-based view in Django:

from django.contrib.auth.decorators import login_required

@login_required
def bout_log_update(request, pk):
    ...

While it's protected from people who aren't logged in, I need to be able to restrict access to this view based on:

1. The user currently logged in
2. Which user created the object (referred to by pk)

It needs to be accessible only if the currently logged in user created the object being accessed, or is a superuser.

Can the standard @user_passes_test decorator accomplish this? Or a custom decorator? Or another method entirely?

I'd re-write it as a class-based view and use UserPassesTestMixin if I could, but I don't know that it's possible for this particular view.

You can achieve this quite easily with a custom decorator based on user_passes_test source:

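from functools import wraps
from urllib.parse import urlparse

from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.shortcuts import resolve_url


def my_user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Decorator for views that checks that the user passes the given test,
    redirecting to the log-in page if necessary. The test should be a callable
    that takes the user object and returns True if the user passes.
    """

    def decorator(view_func):
        # available_attrs() was removed in Django 3.0; plain wraps() is enough
        @wraps(view_func)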
        def _wrapped_view(request, *args, **kwargs):
            # the following line is the only change with respect to
            # user_passes_test:
            if test_func(request.user, *args, **kwargs):
                return view_func(request, *args, **kwargs)
            path = request.build_absolute_uri()
            resolved_login_url = resolve_url(login_url or settings.LOGIN_URL)
            # If the login url is the same scheme and net location then just
            # use the path as the "next" url.
            login_scheme, login_netloc = urlparse(resolved_login_url)[:2]
            current_scheme, current_netloc = urlparse(path)[:2]
            if ((not login_scheme or login_scheme == current_scheme) and
                    (not login_netloc or login_netloc == current_netloc)):
                path = request.get_full_path()
            from django.contrib.auth.views import redirect_to_login
            return redirect_to_login(
                path, resolved_login_url, redirect_field_name)
        return _wrapped_view
    return decorator

Note that just one line is changed from test_func(request.user) to test_func(request.user, *args, **kwargs) so that all arguments passed to the view are passed to the test function too.
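An added example, not part of the original answer: the owner-or-superuser test the question asks for, plugged into a decorator of the same shape. It uses plain stand-in classes instead of Django so it runs on its own (User, Request, Forbidden, object_test and the BOUT_LOG_OWNER table are all hypothetical), and it answers a logged-in non-owner with a 403 rather than a redirect to the login page.

```python
from dataclasses import dataclass
from functools import wraps

@dataclass
class User:                      # stand-in for request.user
    id: int
    is_authenticated: bool = True
    is_superuser: bool = False

@dataclass
class Request:                   # stand-in for django.http.HttpRequest
    user: User

class Forbidden(Exception):
    """Stand-in for django.core.exceptions.PermissionDenied (HTTP 403)."""

# Constructed sample data: bout log pk -> id of the user who created it.
BOUT_LOG_OWNER = {1: 10, 2: 20}

def object_test(test_func):
    """Same idea as the answer's decorator: the test also gets the view's arguments."""
    def decorator(view_func):
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs):
            if not request.user.is_authenticated:
                return "redirect:/login/"    # anonymous: send to the login page
            if test_func(request.user, *args, **kwargs):
                return view_func(request, *args, **kwargs)
            raise Forbidden                  # logged in but not allowed: 403
        return _wrapped_view
    return decorator

def is_owner_or_superuser(user, pk):
    # An unknown pk has owner None, so it is denied to every non-superuser.
    return user.is_superuser or BOUT_LOG_OWNER.get(pk) == user.id

@object_test(is_owner_or_superuser)
def bout_log_update(request, pk):
    return f"updated {pk}"

def try_update(user, pk):
    """Call the protected view the way the URL resolver would (pk as keyword)."""
    try:
        return bout_log_update(Request(user), pk=pk)
    except Forbidden:
        return "403"
```

In a real project the table lookup becomes a query on the model's creator field, and Forbidden becomes PermissionDenied.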
