每当不允许用户访问任何页面时,我都会使用django' PermissionDenied来呈现403.html。
有很多不同类型的网页,例如Product page,User Page,User Contact information,Owner Information。
我想用PermissionDenied添加自定义消息,这将告诉用户他无法查看此页面的确切原因。我想将以下动态消息添加到403.html。
You have are trying to `View a Product (id:3094384)` while having a `Trail` account. You are not authorized to view this product.
和
You have are trying to `View a Customer (id:48)` which is Private. You are not authorized to view this User.
等等。
elif role.id == Project.ROLE_SALES and not project.sales_person_id == user_id:
raise PermissionDenied
<body class="error-page">
<!-- content -->
<section>
<div class="error403">
<h1>403</h1>
</div>
<p class="description">Oops! Request forbidden...</p>
<p>Sorry, it appears the page you were looking for is forbidden and not accessible. If the problem persists, please
contact web Administrator.</p>
# HERE I WANT TO SHOW DYNAMIC MESSAGE.
<a href="{{ request.META.HTTP_REFERER }}" class="btn btn-danger403 btn-primary btn-large" >
Go Back </a>
{{ except }}
</section>
<script src="{% static 'js/jquery.min.js' %}"></script>
<script src="{% static 'js/bootstrap.js' %}"></script>
</body>
raise PermissionDenied("Custom message")
将上下文传递给PermissionDenied?
建议。
答案 0 :(得分:11)
这个答案可能很晚才到你。但在这里。 您可以在Django代码中使用它:
raise PermissionDenied("Custom message")
然后在403.html模板中使用以下代码段显示自定义消息:
{% if exception %}
<p>{{ exception }}</p>
{% else %}
<p>Static generic message</p>
{% endif %}
传递给&#39; PermissionDenied&#39;的消息字符串在Django文档中解释的模板上下文中可用 - https://docs.djangoproject.com/en/1.10/ref/views/#http-forbidden-view
答案 1 :(得分:1)
我遇到了同样的问题,并使用Django消息框架将其解析为将自定义消息传递给模板。
https://docs.djangoproject.com/en/1.8/ref/contrib/messages/
我的具体例子:
from django.contrib import messages
...
messages.error(request, 'The submission deadline has passed.')
raise PermissionDenied
然后可以按照文档中的描述在模板中输出消息。
答案 2 :(得分:0)
您可以尝试这样:
class SomeException(Exception):
message = 'An error occurred.'
def __init__(self, message):
self.message = message
def __str__(self):
return repr(self.message)
#usage
raise SomeException("Hello, you have an exception here")
向模板发送消息的另一种方法是:
if not request.user.is_staff: #or your condition
context['flash_message']= "permission error occurred"
retrun render_to_response('template.html', context)
# template
<!-- I am using bootstrap here -->
<div class="alert alert-{{ flash_message_type }} flash_message hide">
{{ flash_message | safe }}
</div>
<script>
...
if($.trim($(".flash_message").html()) != ''){
$(".flash_message").slideDown();
setTimeout(function(){
$(".flash_message").slideUp();
}, 5000);
};
</script>
答案 3 :(得分:0)
这里也是同样的问题。
在django 1.9 we have this built in。在最早的django版本中,我们可以使用sys.exc_info(),因此下一步就是重用整个默认permission_denied处理程序来添加我们的异常。
# urls.py
...
handler403 = 'project.views.errors.permission_denied'
...
# views/errors.py
import sys
from django import http
from django.template import Context, TemplateDoesNotExist, loader
from django.views.decorators.csrf import requires_csrf_token
@requires_csrf_token
def permission_denied(request, template_name='403.html'):
_, value, _ = sys.exc_info()
try:
template = loader.get_template(template_name)
except TemplateDoesNotExist:
return http.HttpResponseForbidden('<h1>403 Forbidden</h1>', content_type='text/html')
return http.HttpResponseForbidden(
template.render(request=request, context={'exception': force_text(value)})
)
# templates/403.html
...
{{ exception }}
...
答案 4 :(得分:0)
如果您使用的是基于类的视图(CBV),或使用任何扩展age的内容,请设置favorite_color属性或重写AccessMixin方法。
示例:
permission_denied_message,然后在您的模板中:
get_permission_denied_message