如何使用detailview类限制对对象的访问

时间:2017-03-09 12:07:45

标签: python django django-views

我试图将显示对象限制为创建它的用户。 是在对象模型中使用外键完成的吗?

例: 用户1可以访问对象1 用户2可以访问对象2

此时任何用户都可以访问任何对象,只需输入该对象的正确URL即可。

档案views.py 

from django.shortcuts import render
from django.http.response import Http404
from .models import Host
from django.views.generic.detail import DetailView
from django.views.generic.list import ListView
from django.contrib.auth.decorators import login_required
# Create your views here.


def index(request):
    return render(request, 'index.html')


class HostDetail(DetailView):

    model = Host

    def get_context_data(self, **kwargs):
        context = super(HostDetail, self).get_context_data(**kwargs)
        return context


class HostList(ListView):

    model = Host

    def get_queryset(self, **kwargs):

        qs = super(HostList, self).get_queryset(**kwargs).filter(perfil=self.request.user.perfil.id)
        return qs

文件models.py 

class Perfil(models.Model):

    usuario = models.OneToOneField(User, on_delete=models.CASCADE)
    zbx_user = models.CharField(max_length=255, null=False)
    pwd = models.CharField(max_length=255, null=False)
    nome = models.CharField(max_length=255, null=False)
    grupo = models.CharField(max_length=255, null=False)
    numero_hosts = models.IntegerField(null=True)

    def __str__(self):

        return self.nome

class Host(models.Model):

    host_name = models.CharField(max_length=120)
    templateid = models.PositiveIntegerField()
    tipo = models.PositiveIntegerField()
    ip = models.GenericIPAddressField()
    dns = models.CharField(max_length=120, default="")
    host_id = models.PositiveIntegerField()
    # Relacionamento 1 pra N com Perfil
    perfil = models.ForeignKey(Perfil, on_delete=models.CASCADE)

    def __str__(self):
        return self.host_name

档案urls.py 

from django.conf.urls import url
from . import views
from django.conf.urls.static import static
from django.conf import settings
from .views import HostDetail, HostList

urlpatterns = [

    # Rota para index perfis
    url(r'^$', views.index, name='index'),
    url(r'^host/(?P<pk>\d+)$', HostDetail.as_view(), name='HostDetail'),
    url(r'^host/$', HostList.as_view(), name='HostList'),

由于

2 个答案:

答案 0 :(得分:2)

使用与ListView相同的方法。使用self.request.user过滤查询集。

您可能还希望在两个视图上都使用LoginRequiredMixin,以便只有已登录的用户才能访问这些视图。

from django.contrib.auth.mixins import LoginRequiredMixin

class HostDetail(LoginRequiredMixin, DetailView):
    model = Host

    def get_queryset(self):
        qs = super(HostList, self).get_queryset().filter(perfil=self.request.user.perfil_id)
        return qs

    ...

答案 1 :(得分:0)

重写DetailView类的dispatch()方法。

 def dispatch(self, *args, **kwargs):
    # Custom user permission check
    return super(HostDetail, self).dispatch(*args, **kwargs)
相关问题
最新问题