Django Login Required to view

Question

I am building a small application which needs user profiles, I've used the build in user system from Django. But I have a problem regarding that even if you are not logged in you can still view the profile also another thing is that each user should only see his profile not others I need some tips on this

views.py

class UserProfileDetailView(DetailView):
    model = get_user_model()
    slug_field = "username"
    template_name = "user_detail.html"

    def get_object(self, queryset=None):
        user = super(UserProfileDetailView, self).get_object(queryset)
        UserProfile.objects.get_or_create(user=user)
        return user

class UserProfileEditView(UpdateView):
    model = UserProfile
    form_class = UserProfileForm
    template_name = "edit_profile.html"

    def get_object(self, queryset=None):
        return UserProfile.objects.get_or_create(user=self.request.user)[0]

    def get_success_url(self):
        return reverse("profile", kwargs={"slug": self.request.user})

Answer 1

Since you are using the Class Based Generic View , you need to add decorator @login_required in your urls.py

#urls.py

from django.contrib.auth.decorators import login_required
from app_name import views

url(r'^test/$', login_required(views.UserProfileDetailView.as_view()), name='test'),

Answer 2

Have you checked out the login_required decorator? Docs are here .

Since it seems you are using Class Based Views, you need to decorate in the urlconf, see here for more info .

Answer 3

At this moment you can add LoginRequiredMixin for your custom view. Example:

class MyListView(LoginRequiredMixin, ListView): # LoginRequiredMixin MUST BE FIRST
    pass

Doc: https://docs.djangoproject.com/en/4.1/topics/auth/default/#the-loginrequiredmixin-mixin

Answer 4

The below is what you should typically do

@login_required
def my_view(request, uid):
    # uid = user id taken from profile url
    me = User.objects.get(pk=uid)
    if me != request.user:
        raise Http404