Django在同一网站上获取信息,但未在网址中显示pk
[英]Django get info in the same web without showing pk in url
问题描述
I'm trying to get info from a model but without moving the url, let me explain by myself when I access to for example: 
我正在尝试从模型中获取信息,但不移动url,请允许我在访问以下示例时自行解释:
/list It shows the info and if I just make a click in there i can access to the complete info of this user, or book or something and the url change to detail/8/ / list它显示信息,如果我在其中单击,我可以访问该用户的完整信息,或者预订或其他内容,并且网址更改为detail / 8 /
Is there any way to get the information without show the id of the database in the url? 有没有办法在不显示URL的数据库ID的情况下获取信息?
for example list/ 例如清单/
I have some code but I d no have any idea how to do it, I hope you guys can help me. 我有一些代码,但是我不知道该怎么做,希望你们能帮助我。
urls: 网址:
url(r'^detalle/(?P<pk>[0-9]+)/$', views.detalle_id, name="detalle_id"),
url(r'^detalle/(?P<nombre>.*)/$', views.detalle_nombre),
views: 意见:
def detalle_id(request, pk):
detalle = Pregunta.objects.get(pk=pk)
Pregunta.objects.filter(id=pk).update(comentario='1')
return render(request, 'detalle.html', {'detalle': detalle})
def detalle_nombre(request, nombre):
detalle = Pregunta.objects.get(nombre=nombre)
return render(request, 'detalle.html', {'detalle': detalle})
def lista(request):
listadb = Pregunta.objects.all()
return render(request, 'lista.html', {'listadb':listadb})
Edit: from comments: 编辑:从评论:
The reason of this is because I'm trying to make a client database and the users who will use the database will have access to some of them but not of all the data base so if a user set for example domain.com/89 will see the information or can edit of client No 89, this I have a lot reasons why I'm trying to do it like this. 这样做的原因是因为我正在尝试创建客户端数据库,并且将使用该数据库的用户将可以访问其中的一些数据库,但不能访问所有数据库,因此,如果将用户设置为例如domain.com/89,它将查看信息或可以编辑第89号客户,这是我尝试这样做的很多原因。 Believe me I need o get information on click but accessing without change the url just by click. 相信我,我需要o获得有关点击的信息,但只需单击即可访问而无需更改网址。 is it possible ? 可能吗 ? do you have any idea 你有什么主意吗
1 个解决方案
解决方案1
2 2016-09-17 00:46:43
If you are trying to create an 'unguessable' url for each book or other item in your database to stop unauthorized access, you are on the wrong track. 如果您试图为数据库中的每本书或其他项目创建一个“无法使用的” URL,以阻止未经授权的访问,那么您走的路是错误的。 Unguessable URLs can and will be guessed and people who shouldn't see or edit them, will edit them. 无法猜测的URL可以并且将会被猜测,不应该查看或编辑它们的人将对其进行编辑。
At the very least you should check if the user is authenticated. 至少您应该检查用户是否已通过身份验证。
if request.user.is_authenticated():
But this only tells you if the user is logged in or an anonymous user. 但这仅告诉您用户是登录用户还是匿名用户。 To find out if the user is authorized to edit, you will need to add some information to the models. 要确定用户是否有权编辑,您将需要向模型中添加一些信息。
class Pregunta(models.Model):
....
owner = models.ForiegnKey(User)
then do an additional test to find out if the ownership is correct. 然后再进行一次测试,以检查所有权是否正确。
getting back to unguessable URLS, if you don't want to use slugs, you can use a non sequential primary key: https://stackoverflow.com/a/37605582/267540 回到无法猜测的URL,如果您不想使用段塞,则可以使用非顺序主键: https : //stackoverflow.com/a/37605582/267540
This is usefull if you don't want to reveal to the user how many items exists in your database and which item came first. 如果您不想向用户透露数据库中有多少项以及哪一项先出现,这很有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.