Django does not regulate what the user can choose

I am very new to Django so don't judge me :). I am making a blog project and everything works well except one thing. When creating a post, the user can choose any other author that has previously logged in. Is there any way to set the author namespace as the currently logged in user? Here is my code:

Models.py

    from django.db import models
    from django.utils import timezone
    from django.core.urlresolvers import reverse
    from django.core.exceptions import ValidationError
    from django.utils.translation import gettext_lazy as _
    from django.contrib.auth.models import User


    def validate_even(value):
        if value == 'auth.User':
            raise ValidationError(
                _('%(value)s is not an even number'),
                params={'value': value},
            )

    class Post(models.Model):
        author = models.ForeignKey('auth.User')
        title = models.CharField(max_length=200)
        text = models.TextField()
        created_date = models.DateTimeField(default=timezone.now)
        published_date = models.DateTimeField(blank=True,null=True)

        def publish(self):
            self.published_date = timezone.now()
            self.save()

        def approve_comments(self):
            return self.comments.filter(approved_comment=True)

        def get_absolute_url(self):
            return reverse('post_detail', args=(), kwargs={'pk':self.pk})

        def __str__(self):
            return self.title

    class Comment(models.Model):
        post = models.ForeignKey('blog.post',related_name='comments')
        author = models.ForeignKey('auth.User')
        text = models.TextField()
        created_date = models.DateTimeField(default=timezone.now)
        approved_comment = models.BooleanField(default=False)

        def approve(self):
            self.approved_comment = True
            self.save()

        def get_absolute_url(self):
            return reverse('post_list')

        def __str__(self):
            return self.text

    class UserProfileInfo(models.Model):

        user = models.OneToOneField(User)

        def __str__(self):
            return self.user.username

My forms.py

    from django import forms
    from blog.models import Comment,Post
    from django.contrib.auth.models import User
    from blog.models import UserProfileInfo

    class PostForm(forms.ModelForm):
        class Meta():
            model = Post
            fields = ['author','title','text']

            widgets = {
                'title':forms.TextInput(attrs={'class':'textinputclass','autocomplete':'true'}),
                'text':forms.Textarea(attrs={'class':'editable medium-editor-textarea postcontent'})
            }

    class CommentForm(forms.ModelForm):
        class Meta():
            model = Comment
            fields = ['text']

            widgets = {
                'text':forms.Textarea(attrs={'class':'editable medium-editor-textarea'})
            }

        def __init__(self, *args, **kwargs):
            from django.forms.widgets import HiddenInput
            hide_condition = kwargs.pop('hide_condition',None)
            super(CommentForm, self).__init__(*args, **kwargs)
            if hide_condition:
                self.fields['author'].widget = HiddenInput()

    class UserForm(forms.ModelForm):
        password = forms.CharField(widget=forms.PasswordInput(attrs={'autocomplete':'false'}))
        username = forms.CharField(widget=forms.TextInput(attrs={'autocomplete': 'false'}))

        class Meta():
            model = User
            fields = ('username', 'email', 'password')

            widgets = {
                'password':forms.TextInput(attrs={'autocomplete':'false'}),
                'username':forms.TextInput(attrs={'autocomplete':'false'}),
            }

My views.py

    from django.shortcuts import render, get_object_or_404,redirect
    from django.utils import timezone
    from django.views.generic import (TemplateView,ListView,DetailView,CreateView,UpdateView,DeleteView)
    from blog.models import Comment,Post
    from blog.forms import PostForm,CommentForm
    from django.contrib.auth.mixins import LoginRequiredMixin
    from django.urls import reverse_lazy
    from django.contrib.auth.decorators import login_required
    from django.contrib import auth
    from blog.forms import UserForm
    from django.contrib.auth import views
    from django.contrib.auth.models import User

    def register(request):
        registered = False
        if request.method == 'POST':
            user_form = UserForm(data=request.POST)

            if user_form.is_valid():
                user = user_form.save()
                user.set_password(user.password)
                user.save()

                registered = True

                if registered:
                    views.login(request)
                    return redirect("/")

            else:
                print(user_form.errors)
        else:
            user_form = UserForm()

        # Context key is the string 'registered', its value the flag
        return render(request, 'registration/registration.html',{'user_form':user_form,'registered':registered})


    class AboutView(TemplateView):
        template_name = 'about.html'

    class PostListView(ListView):
        model = Post
        template_name = 'post_list.html'

        def get_queryset(self):
            return Post.objects.filter(published_date__lte=timezone.now()).order_by('-published_date')

    class PostDetailView(DetailView):
        model = Post


    class CreatePostView(LoginRequiredMixin,CreateView):

        login_url = '/login/'
        redirect_field_name = 'blog/post_detail.html'

        form_class = PostForm
        model = Post

        def get_queryset(self):
            return Post.objects.filter(author=self.request.user)
            form_class = PostForm
            form_class.author = self.request.user

    class PostUpdateView(LoginRequiredMixin,UpdateView):
        login_url = '/login/'
        redirect_field_name = 'blog/post_detail.html'

        model = Post
        form_class = PostForm

    class PostDeleteView(LoginRequiredMixin,DeleteView):
        model = Post
        success_url = reverse_lazy('post_list')

    class DraftListView(LoginRequiredMixin,ListView):
        login_url = '/login/'
        redirect_field_name = 'blog/post_list.html'

        model = Post

        def get_queryset(self):
            return Post.objects.filter(published_date__isnull=True).order_by('created_date')

    @login_required
    def add_comment_to_post(request,pk):
        post = get_object_or_404(Post,pk=pk)
        if request.method == 'POST':
            form = CommentForm(request.POST)

            if form.is_valid():
                comment = form.save(commit=False)
                comment.post = post
                # comment.save()
                instance = form.save(commit=False)
                instance.author = request.user
                instance.save()
                return redirect('post_detail',pk=post.pk)
        else:
            # Instantiate the form; the template needs an instance, not the class
            form = CommentForm()

        return render(request,'blog/comment_form.html',context={'form':form})

    @login_required
    def comment_approve(request,pk):
        comment = get_object_or_404(Comment,pk=pk)
        comment.approve()
        return redirect('post_detail',pk=comment.post.pk)


    @login_required
    def comment_remove(request, pk):
        comment = get_object_or_404(Comment, pk=pk)
        post_pk = comment.post.pk
        comment.delete()
        return redirect('post_detail', pk=post_pk)

    @login_required
    def post_publish(request,pk):
        post = get_object_or_404(Post,pk=pk)
        post.publish()
        return redirect('post_detail',pk=pk)

I have tried absolutely everything and nothing worked. Can anyone please help me?

In your `PostForm`, remove `author` from the fields, so it cannot be edited by the user:

    fields = ['title', 'text']

Then in your `CreatePostView`, remove the `def get_queryset()` method as it doesn't do anything here. You should instead override the `form_valid` method; that's where you get a chance to update the model that was created by the form.

    from django.http import HttpResponseRedirect  # needed for the redirect below

    def form_valid(self, form):
        self.object = form.save(commit=False)  # the form's save method returns the instance
        self.object.author = self.request.user  # here you assign the author
        self.object.save()
        return HttpResponseRedirect(self.get_success_url())

Alternatively, to keep as close as possible to the `CreateView` parent class:

    def form_valid(self, form):
        form.instance.author = self.request.user
        return super().form_valid(form)  # this will call `CreateView`'s `form_valid()` method, which saves the form.
