Django:为当前用户过滤数据库
Django: filter database for current user
在我的网页上,我希望用户按月和年过滤数据库。
为此,我创建了一个 filters.py 。
我的问题:我没有管理用户只过滤自己的数据,但他也能看到其他用户的数据。
到目前为止,我已经尝试使用@login_required 和objects.filter(user=self.request.user) 方法。两者都没有解决我的问题。
如有任何建议,我将不胜感激!
这是我的代码:
models.py:
from django.db import models
from django.contrib.auth.models import User
class UserDetails(models.Model):
user = models.ForeignKey(User, on_delete=models.CASCADE, related_name="new_spending", null=True)
expense_name = models.CharField(max_length=255)
cost = models.FloatField()
date_added = models.DateTimeField()
filters.py
from .models import UserDetails
import django_filters
class BudgetFilter(django_filters.FilterSet):
year_added = django_filters.NumberFilter(field_name='date_added', lookup_expr='year', label='Year [yyyy]')# lookup_expr='year',
month_added = django_filters.NumberFilter(field_name='date_added', lookup_expr='month', label='Month [mm]')
class Meta:
model = UserDetails
fields = ['year_added', 'month_added']
views.py
from django.shortcuts import render
from .models import UserDetails
from .filters import BudgetFilter
from django.contrib.auth.decorators import login_required
@login_required
def search(request):
lista = UserDetails.objects.filter(user= request.user)
filtered_list = BudgetFilter(request.GET, queryset=lista)
return render(request, 'budget_app/user_list.html', {
'filter': filtered_list,
'users': lista
})
urls.py:
from django.urls import path
from . import views
from django_filters.views import FilterView
from .filters import BudgetFilter
urlpatterns = [
...
path('search/', FilterView.as_view(filterset_class=BudgetFilter,
template_name='budget_app/user_list.html'), name='search'),
]
html 文件:
{% extends 'budget_app/budget_base.html' %}
{% block content %}
<form method="get">
{{ filter.form.as_p }}
<button type="submit">Search</button>
</form>
<ul>
{% for item in filter.qs %}
<li>{{ item.title }} - {{ item.date_added }}</li>
{% endfor %}
</ul>
{% endblock %}
谢谢!
你在这里触发了一个FilterView,而不是search函数,因此无论你改变什么,它都不会改变任何东西。话虽如此,我认为 subclass FilterView:
可能更好
# app/views.py
from django.contrib.auth.mixins import LoginRequiredMixin
from django_filters.views import <b>FilterView</b>
from .models import UserDetails
class UserDetailsFilterView(FilterView):
filterset_class=BudgetFilter
template_name='budget_app/user_list.html'
def get_queryset(self):
return UserDetails.objects.filter(user=self.request.user)
然后在 urls.py 你可以只使用 UserDetailsFilterView:
# app/urls.py
from django.urls import path
from . import views
urlpatterns = [
...
path('search/', <b>views.UserDetailsFilterView.as_view()</b>, name='search'),
]
在我的网页上,我希望用户按月和年过滤数据库。
为此,我创建了一个 filters.py 。
我的问题:我没有管理用户只过滤自己的数据,但他也能看到其他用户的数据。
到目前为止,我已经尝试使用@login_required 和objects.filter(user=self.request.user) 方法。两者都没有解决我的问题。
如有任何建议,我将不胜感激!
这是我的代码:
models.py:
from django.db import models
from django.contrib.auth.models import User
class UserDetails(models.Model):
user = models.ForeignKey(User, on_delete=models.CASCADE, related_name="new_spending", null=True)
expense_name = models.CharField(max_length=255)
cost = models.FloatField()
date_added = models.DateTimeField()
filters.py
from .models import UserDetails
import django_filters
class BudgetFilter(django_filters.FilterSet):
year_added = django_filters.NumberFilter(field_name='date_added', lookup_expr='year', label='Year [yyyy]')# lookup_expr='year',
month_added = django_filters.NumberFilter(field_name='date_added', lookup_expr='month', label='Month [mm]')
class Meta:
model = UserDetails
fields = ['year_added', 'month_added']
views.py
from django.shortcuts import render
from .models import UserDetails
from .filters import BudgetFilter
from django.contrib.auth.decorators import login_required
@login_required
def search(request):
lista = UserDetails.objects.filter(user= request.user)
filtered_list = BudgetFilter(request.GET, queryset=lista)
return render(request, 'budget_app/user_list.html', {
'filter': filtered_list,
'users': lista
})
urls.py:
from django.urls import path
from . import views
from django_filters.views import FilterView
from .filters import BudgetFilter
urlpatterns = [
...
path('search/', FilterView.as_view(filterset_class=BudgetFilter,
template_name='budget_app/user_list.html'), name='search'),
]
html 文件:
{% extends 'budget_app/budget_base.html' %}
{% block content %}
<form method="get">
{{ filter.form.as_p }}
<button type="submit">Search</button>
</form>
<ul>
{% for item in filter.qs %}
<li>{{ item.title }} - {{ item.date_added }}</li>
{% endfor %}
</ul>
{% endblock %}
谢谢!
你在这里触发了一个FilterView,而不是search函数,因此无论你改变什么,它都不会改变任何东西。话虽如此,我认为 subclass FilterView:
# app/views.py
from django.contrib.auth.mixins import LoginRequiredMixin
from django_filters.views import <b>FilterView</b>
from .models import UserDetails
class UserDetailsFilterView(FilterView):
filterset_class=BudgetFilter
template_name='budget_app/user_list.html'
def get_queryset(self):
return UserDetails.objects.filter(user=self.request.user)
然后在 urls.py 你可以只使用 UserDetailsFilterView:
# app/urls.py
from django.urls import path
from . import views
urlpatterns = [
...
path('search/', <b>views.UserDetailsFilterView.as_view()</b>, name='search'),
]