In my url.py I have:
path('gpd/<pk>/', views.gpd, name='gpd'),
my view.py looks like:
@login_required(login_url='login')
def gpd(request,pk):
current_gpd = get_gpd(pk)
context = {'current_gpd ':current_gpd ,
'pk':pk, }
return render(request, 'app/gpd/gpd_form.html', context)
def get_gpd(id):
return GPD.objects.get(id=id)
I have noticed, that when my logined user change manually pk
- then he has an access to page with another pk. How to prevent it?
my GPG model:
class GPD(models.Model):
id = models.AutoField(primary_key=True)
employee = models.ForeignKey(Employee, verbose_name='Employee', on_delete = models.CASCADE, related_name='+')
class Employee(models.Model):
id = models.AutoField(primary_key=True)
name = models.CharField(max_length=30, verbose_name='Name')
def get_gpd(id,user):
return GPD.objects.get(id=id, employee=user)
so pass in the request.user
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.