django HttpResponseForbidden不起作用

Question

我在is_send_permitted_interceptor處將此代碼除外，如果為true則停止處理並重定向到禁止。 但是，它沒有，而是返回了函數中的HttpResponseForbidden對象。

我實際上如何使HttpResponseForbidden（）在此上下文中運行。

@login_required
def process_all(request):
    #If we had a POST then get the request post values.
    if request.method == 'POST':
        batches = Batch.objects.for_user_pending(request.user)

        # Will redirect/cancel request if user does not meet requirements, funds, permissions etc
        is_send_permitted_interceptor(request)
        # stuff here if everything is ok


def is_send_permitted_interceptor(request):
    # Check user has required credits in account to these batches.
    balance = Account.objects.get(user=request.user).get_balance()
    cost_of_sending = Batch.objects.batches_cost_pending(user=request.user)
    if balance < cost_of_sending:

        return HttpResponseForbidden()
    else:
        pass

Answer 1

您需要在調用者中添加return ，因為您的check函數將要返回給調用者，並且它的值就是您要返回到瀏覽器的值。

更好的方法如下：

def is_send_permitted_interceptor(user):
    # Check user has required credits in account to these batches.
    balance = Account.objects.get(user=user).get_balance()
    cost_of_sending = Batch.objects.batches_cost_pending(user=user)
    return balance < cost_of_sending

然后在您的呼叫者中：

if request.method == 'POST':
    batches = Batch.objects.for_user_pending(request.user)

    if is_send_permitted_interceptor(request.user):
        return HttpResponseForbidden()

這樣，它的view方法就是所有重定向發生的地方。 這樣就避免了傳遞request 。

Answer 2

您不會在process_all視圖中返回“攔截器”的輸出，因此它永遠不會到達用戶。

只需在攔截器中實現您的邏輯，但僅在需要時從主視圖return即可。

def is_send_permitted(request):
    # Check user has required credits in account to these batches.
    balance = Account.objects.get(user=request.user).get_balance()
    cost_of_sending = Batch.objects.batches_cost_pending(user=request.user)
    if balance < cost_of_sending:
        return False
    else:
        return True


@login_required
def process_all(request):
    #If we had a POST then get the request post values.
    if request.method == 'POST':
        batches = Batch.objects.for_user_pending(request)

        # Will redirect/cancel request if user does not meet requirements, funds, permissions etc
        if not is_send_permitted_interceptor(request):
            return HttpResponseForbidden()
        # stuff here if everything is ok

您還可以在此處引發異常：

from django.core.exceptions import PermissionDenied
raise PermissionDenied()

但是，當沒有真正異常的情況發生時，引發異常是個壞習慣。

django HttpResponseForbidden不起作用

問題描述

2 個解決方案

解決方案1
2 2013-09-02 13:13:55

解決方案2
1 已采納 2013-09-02 13:13:24

django HttpResponseForbidden不起作用

問題描述

2 個解決方案

解決方案1 2 2013-09-02 13:13:55

解決方案2 1 已采納 2013-09-02 13:13:24

解決方案1
2 2013-09-02 13:13:55

解決方案2
1 已采納 2013-09-02 13:13:24