Django 阻止访问基于字段的详细视图
Django block access to a detailview based on field
我有一个 detailView/template,它有一个 confidential
字段(布尔值),我希望详细信息页面只能由员工用户(或更高级别)访问。我目前通过将以下内容添加到我的模板来使其工作:
{# Branch on the record's confidential flag; inside that branch only staff users get the data. #}
{# NOTE(review): this gate only decides what is rendered. A template check does not stop the view from loading the object, so the restriction should also be enforced in the view. #}
{% if enzymes.confidential == True %}
    {% if user.is_staff %}
        # confidential data is listed here
    {% else %}
        {# Non-staff visitors (anonymous ones included) get this message in place of the data. #}
        <p>You do not have access to this page</p>
    {% endif %}
{% else %}
    # non confidential data is listed here
{% endif %}
但是,我想知道是否可以直接在视图中应用过滤器?下面列出了我使用的视图(包括我之前尝试后留下的一些代码)。
class DetailView(generic.DetailView):
    """Detail page for a single ``Enzymes`` record plus its related rows.

    Nothing in this view looks at ``confidential`` or at the requesting
    user: the object and all three related querysets are loaded for every
    caller, so the ``{% if %}`` in the template is the only gate.
    """

    model = Enzymes
    template_name = 'gts/detail.html'

    # The get_context_data that is currently in use.
    def get_context_data(self, **kwargs):
        """Add the enzyme's activity diagrams, spectra and activities."""
        ctx = super(DetailView, self).get_context_data(**kwargs)
        current = ctx['object']
        ctx.update({
            'activities': Activitydiagram.objects.filter(enzymes=current),
            'spectras': Spectraimage.objects.filter(enzymes=current),
            'enzymeactivities': Enzymeactivity.objects.filter(enzymes=current),
        })
        return ctx

    # Earlier work-in-progress attempt, kept as an inert string.  Both
    # branches build the same context, so the is_staff test changes nothing
    # yet; the TODO marks where the confidential filter was meant to go.
    """def get_context_data(self, **kwargs):
        context = super(DetailView, self).get_context_data(**kwargs)
        if self.request.user.is_staff:
            enzyme = context['object']
            activities = Activitydiagram.objects.filter(enzymes=enzyme)
            spectras = Spectraimage.objects.filter(enzymes=enzyme)
            enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
            context['activities'] = activities
            context['spectras'] = spectras
            context['enzymeactivities'] = enzymeactivities
        else:
            # TODO: Load only confidential=False enzymes here
            enzyme = context['object']
            activities = Activitydiagram.objects.filter(enzymes=enzyme)
            spectras = Spectraimage.objects.filter(enzymes=enzyme)
            enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
            context['activities'] = activities
            context['spectras'] = spectras
            context['enzymeactivities'] = enzymeactivities
        return context"""
一种典型的方法是覆盖 get_queryset
方法,如果用户不是工作人员则过滤查询集。如果非工作人员试图访问机密项目,他们将收到 404 页面。
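class DetailView(generic.DetailView):
    """Detail page for one ``Enzymes`` record; confidential rows are staff-only.

    The restriction is applied to the queryset the object lookup runs
    against, so it holds whatever the template renders.  It covers this
    view only: any other view that exposes ``Enzymes`` needs its own filter.
    """

    template_name = 'gts/detail.html'
    model = Enzymes

    def get_queryset(self):
        """Return the rows the current request is allowed to look up.

        Staff users get the unfiltered queryset.  Everyone else, including
        anonymous visitors (``AnonymousUser.is_staff`` is ``False``), only
        gets rows with ``confidential=False``.  A non-staff lookup of a
        confidential record therefore finds nothing and ends in a 404, which
        does not confirm that the record exists.
        """
        queryset = super(DetailView, self).get_queryset()
        # The request is stored on the view instance; a bare ``request`` is
        # not defined in this scope and would raise NameError on every call.
        if not self.request.user.is_staff:
            queryset = queryset.filter(confidential=False)
        return queryset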
我有一个 detailView/template,它有一个 confidential
字段(布尔值),我希望详细信息页面只能由员工用户(或更高级别)访问。我目前通过将以下内容添加到我的模板来使其工作:
{# Branch on the record's confidential flag; inside that branch only staff users get the data. #}
{# NOTE(review): this gate only decides what is rendered. A template check does not stop the view from loading the object, so the restriction should also be enforced in the view. #}
{% if enzymes.confidential == True %}
    {% if user.is_staff %}
        # confidential data is listed here
    {% else %}
        {# Non-staff visitors (anonymous ones included) get this message in place of the data. #}
        <p>You do not have access to this page</p>
    {% endif %}
{% else %}
    # non confidential data is listed here
{% endif %}
但是,我想知道是否可以直接在视图中应用过滤器?下面列出了我使用的视图(包括我之前尝试后留下的一些代码)。
class DetailView(generic.DetailView):
    """Detail page for a single ``Enzymes`` record plus its related rows.

    Nothing in this view looks at ``confidential`` or at the requesting
    user: the object and all three related querysets are loaded for every
    caller, so the ``{% if %}`` in the template is the only gate.
    """

    model = Enzymes
    template_name = 'gts/detail.html'

    # The get_context_data that is currently in use.
    def get_context_data(self, **kwargs):
        """Add the enzyme's activity diagrams, spectra and activities."""
        ctx = super(DetailView, self).get_context_data(**kwargs)
        current = ctx['object']
        ctx.update({
            'activities': Activitydiagram.objects.filter(enzymes=current),
            'spectras': Spectraimage.objects.filter(enzymes=current),
            'enzymeactivities': Enzymeactivity.objects.filter(enzymes=current),
        })
        return ctx

    # Earlier work-in-progress attempt, kept as an inert string.  Both
    # branches build the same context, so the is_staff test changes nothing
    # yet; the TODO marks where the confidential filter was meant to go.
    """def get_context_data(self, **kwargs):
        context = super(DetailView, self).get_context_data(**kwargs)
        if self.request.user.is_staff:
            enzyme = context['object']
            activities = Activitydiagram.objects.filter(enzymes=enzyme)
            spectras = Spectraimage.objects.filter(enzymes=enzyme)
            enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
            context['activities'] = activities
            context['spectras'] = spectras
            context['enzymeactivities'] = enzymeactivities
        else:
            # TODO: Load only confidential=False enzymes here
            enzyme = context['object']
            activities = Activitydiagram.objects.filter(enzymes=enzyme)
            spectras = Spectraimage.objects.filter(enzymes=enzyme)
            enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
            context['activities'] = activities
            context['spectras'] = spectras
            context['enzymeactivities'] = enzymeactivities
        return context"""
一种典型的方法是覆盖 get_queryset
方法,如果用户不是工作人员则过滤查询集。如果非工作人员试图访问机密项目,他们将收到 404 页面。
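class DetailView(generic.DetailView):
    """Detail page for one ``Enzymes`` record; confidential rows are staff-only.

    The restriction is applied to the queryset the object lookup runs
    against, so it holds whatever the template renders.  It covers this
    view only: any other view that exposes ``Enzymes`` needs its own filter.
    """

    template_name = 'gts/detail.html'
    model = Enzymes

    def get_queryset(self):
        """Return the rows the current request is allowed to look up.

        Staff users get the unfiltered queryset.  Everyone else, including
        anonymous visitors (``AnonymousUser.is_staff`` is ``False``), only
        gets rows with ``confidential=False``.  A non-staff lookup of a
        confidential record therefore finds nothing and ends in a 404, which
        does not confirm that the record exists.
        """
        queryset = super(DetailView, self).get_queryset()
        # The request is stored on the view instance; a bare ``request`` is
        # not defined in this scope and would raise NameError on every call.
        if not self.request.user.is_staff:
            queryset = queryset.filter(confidential=False)
        return queryset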