Checking record owner before editing in Django
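I'm learning Django and got stuck on what looks like a simple thing. I need to check that a user is editing only his own post and allow it, and if he clicks a link to edit someone else's post, render a specific page.
I can't work out the condition for verifying the user, please help: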
views.py
@login_required
def blogs_edit_text_post(request, post_id):
    post_form = PostForm(instance=TextPost.objects.get(id=post_id))
    owner = TextPost.objects.get(pk=1)
    if request.user == owner:
        if request.method == "POST":
            post_form = PostForm(request.POST, instance=TextPost.objects.get(id=post_id))
            if post_form.is_valid():
                post = post_form.save()
                return redirect(blogs_blog)
        return render(request, 'blogs/edit_text_post.html', {
            'post_form': post_form
        })
    else:
        return render(request, 'blogs/error_page.html', {})
models.py
class Profile(models.Model):
    user = models.OneToOneField(User, on_delete=models.CASCADE, related_name='profile_user_id')
    blog_title = models.CharField(max_length=300, verbose_name='Название блога')
    blog_description = models.TextField(max_length=500, verbose_name='Пара слов о себе', blank=True)
    profile_pic = models.ImageField(default='nophoto.jpg', upload_to='user_pics/', blank=True, verbose_name='Аватар')

class TextPost(models.Model):
    author = models.ForeignKey(Profile, on_delete=models.CASCADE)
    title = models.CharField(max_length=300, verbose_name='Заголовок')
    post = models.TextField(max_length=500, verbose_name='Текст поста', blank=False)
    created_date = models.DateTimeField(default=timezone.now)
    published_date = models.DateTimeField(blank=True, null=True)
urls.py
path('blogs/blog/', views.blogs_blog, name='blogs-blog')
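Please note the following:
Don't relate TextPost to the Profile model; relate it directly to the User model instead. It will be easier for your project.
Always use "related_name" in OneToOneField or ForeignKeyField.
Always use context (or another named variable) to pass variables to the template. In a big project you will have to pass many variables.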
models.py
class TextPost(models.Model):
    author = models.ForeignKey(User, on_delete=models.CASCADE, related_name='user_name')  # User, not Profile, related_name added
    title = models.CharField(max_length=300, verbose_name='Заголовок')
    post = models.TextField(max_length=500, verbose_name='Текст поста', blank=False)
    created_date = models.DateTimeField(default=timezone.now)
    published_date = models.DateTimeField(blank=True, null=True)
views.py
@login_required
def blogs_edit_text_post(request, post_id):
    post = TextPost.objects.get(id=post_id)
    if post.author == request.user:  # post.author.user == request.user if it's related to Profile
        if request.method == "POST":
            post_form = PostForm(request.POST, instance=TextPost.objects.get(id=post_id))
            if post_form.is_valid():
                post = post_form.save()
                return redirect(blogs_blog)
        else:
            post_form = PostForm(instance=TextPost.objects.get(id=post_id))
        context = {
            'post_form': post_form
        }
        return render(request, 'blogs/edit_text_post.html', context)
    else:
        return render(request, 'blogs/error_page.html', {})