Django validate user request

I'm just a student, currently learning Django. I have this in my Users/models.py:

from django.contrib.auth.models import User  # assumes Django's built-in User model
from django.db import models


class Membership(models.Model):
    membership_type = models.CharField(max_length=50)
    price = models.IntegerField(default=100)
    description = models.CharField(max_length=200)

    def __str__(self):
        return self.membership_type


class Customer(models.Model):
    # At most one Customer row per user
    user = models.OneToOneField(User, on_delete=models.CASCADE)
    membership = models.ForeignKey(Membership, on_delete=models.CASCADE, null=True)
    reference = models.CharField(max_length=50, null=True)

    def __str__(self):
        return self.user.email

This is my views.py:

from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse

# Book, Customer and CommentForm come from the project's own modules


def BookDetail(request, id):
    most_recent = Book.objects.order_by('-timestamp')[:3]
    # Raises Http404 when the current user has no Customer row
    user_membership = get_object_or_404(Customer, user=request.user)
    book = get_object_or_404(Book, id=id)
    form = CommentForm(request.POST or None)
    if request.method == "POST":
        if form.is_valid():
            form.instance.user = request.user
            form.instance.post = book
            form.save()
            return redirect(reverse("book-detail", kwargs={
                'id': book.pk
            }))
    context = {
        'user_membership': user_membership,
        'form': form,
        'book': book,
        'most_recent': most_recent,
    }
    return render(request, 'catalog/book_detail.html', context)

How can I validate the user if he/she is not part of the Customer model, in my book_detail.html (note: edited):

    {% if request.user != user_membership.user %}
        <button class="site-btn" disabled="disabled">Read</button>
    {% else %}
        {% for content in book.pages %}
            <a href="{{ content.get_absolute_url }}" class="site-btn">Read</a>
        {% endfor %}
    {% endif %}

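I'm getting the error "No Customer matches the given query." Well, I manually added the user to the Customer model in the admin panel. It isn't added automatically during sign-up (signals). But I'm fine with that.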

You should use something like...

    {% if request.user != customer.user %}
        {# disable read btn #}
    {% else %}
        {# show read link #}
    {% endif %}

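You are using the context variable user_membership for your Customer object. That means you should use that name when looking up the Customer object in the template. For example: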

{% if request.user != user_membership.user %}

Also, you should make sure Django's request context processor is set up in settings.py, so that you can use the request object in templates:

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': (
                'django.template.context_processors.request',
            ),
        }
    },
]

Update

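If no Customer record is configured for the currently logged-in user, the code currently returns a 404 to the browser. However, if you want to continue rendering the template in that case, you should modify the view so that the user_membership variable is set to None: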

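def BookDetail(request, id):
    most_recent = Book.objects.order_by('-timestamp')[:3]
    try:
        user_membership = Customer.objects.get(user=request.user)
    except Customer.DoesNotExist:
        # No Customer row for this user: keep rendering instead of returning 404
        user_membership = None
    # ... the rest of the view is unchanged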

Then modify the template to check whether user_membership is set:

{% if user_membership and user_membership.user == request.user %}
    {% for content in book.pages %}
        <a href="{{ content.get_absolute_url }}" class="site-btn">Read</a>
    {% endfor %}
{% else %}
    <button class="site-btn" disabled="disabled">Read</button>
{% endif %}