Object ownership validation in Django UpdateView

Problem description

EDIT:

The better solution for me was just using a permissions system, especially since I needed other types of controlled access to objects. I now use Django-guardian to help with object level permissions like this.

Original:

I'm expanding a bit on the standard Django book guide by letting users upload stories, as well as having author, publisher, etc. I'm attempting to only let authors (creators) of a story use the UpdateView, with other users being redirected away.

Modifying get_object in the UpdateStory view set it off, but the traceback goes through my StoryForm init for some reason. The error is 'HttpResponseRedirect' object has no attribute '_meta'

views.py

class UpdateStory(LoginRequiredMixin, UpdateView):
    model = Story
    template_name = 'stories/story_update.html'
    form_class = StoryForm

    def get_object(self, queryset=None):
        obj = super(UpdateStory, self).get_object()
        if not obj.author == self.request.user:
            return redirect(obj)
        return obj

forms.py

class StoryForm(forms.ModelForm):
    def __init__(self, *args, **kwargs):
        super(StoryForm,self).__init__(*args, **kwargs)

I'm still new, so it might be obvious, but I've been looking for a couple hours and I'm stumped.

Solution

http://ccbv.co.uk/projects/Django/1.5/django.views.generic.edit/UpdateView/

Go through the above link to understand how UpdateView works. get_object is supposed to return the model instance; it is not supposed to return an HttpResponseRedirect object, which is why you are getting that error.

Try doing the check in the dispatch method, like the following.

def dispatch(self, request, *args, **kwargs):
    """ Making sure that only authors can update stories """
    obj = self.get_object()
    if obj.author != self.request.user:
        return redirect(obj)
    return super(UpdateStory, self).dispatch(request, *args, **kwargs)

PS: I guess overriding dispatch is not recommended. But since you have to do the check for both the get and post methods, overriding dispatch is easier.
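A review aid for the two failure modes discussed in this thread, added here as an example and not taken from either poster: a static check that flags a get_object returning an HTTP response, and edit views with no visible per-object check. The names audit_views, UpdateStoryFixed and EditStory, the guard-method list and the sample source are assumptions made for this illustration.

```python
import ast

RESPONSE_CALLS = {"redirect", "HttpResponseRedirect", "HttpResponseForbidden", "HttpResponse"}
GUARD_METHODS = {"dispatch", "get_queryset", "get_object", "test_func"}  # assumed heuristic
EDIT_VIEWS = {"UpdateView", "DeleteView"}

def _name(node):
    """Trailing name of a Name/Attribute node, e.g. UpdateView in generic.UpdateView."""
    return getattr(node, "id", None) or getattr(node, "attr", None)

def audit_views(source):
    """Return (class_name, finding) pairs for the class-based views in `source`."""
    findings = []
    for cls in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.ClassDef)):
        methods = {f.name: f for f in cls.body if isinstance(f, ast.FunctionDef)}
        # Finding 1: get_object must hand back a model instance, never a response.
        for ret in ast.walk(methods.get("get_object", ast.Pass())):
            if (isinstance(ret, ast.Return) and isinstance(ret.value, ast.Call)
                    and _name(ret.value.func) in RESPONSE_CALLS):
                findings.append((cls.name, "get_object returns an HTTP response"))
        # Finding 2: an edit view that overrides none of the usual guard hooks.
        if {_name(b) for b in cls.bases} & EDIT_VIEWS and not GUARD_METHODS & methods.keys():
            findings.append((cls.name, "no object-level ownership check"))
    return findings

# Constructed sample: the question's view, the answer's view, and a login-only view.
SAMPLE = '''
class UpdateStory(LoginRequiredMixin, UpdateView):
    def get_object(self, queryset=None):
        obj = super(UpdateStory, self).get_object()
        if not obj.author == self.request.user:
            return redirect(obj)
        return obj

class UpdateStoryFixed(LoginRequiredMixin, UpdateView):
    def dispatch(self, request, *args, **kwargs):
        obj = self.get_object()
        if obj.author != self.request.user:
            return redirect(obj)
        return super(UpdateStoryFixed, self).dispatch(request, *args, **kwargs)

class EditStory(LoginRequiredMixin, UpdateView):
    model = Story
'''

if __name__ == "__main__":
    for view, finding in audit_views(SAMPLE):
        print(f"{view}: {finding}")
```

The second finding only reports that no guard hook is overridden; a view that does override one still needs a human to confirm the check compares the object's owner to request.user.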

08-06 20:41