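Checking the current user against the page they are viewing

Time: 2017-10-02 19:03:57

Tags: python django

I am trying to check the currently logged-in user against the user who created the page they are viewing. Basically, if I am logged in, I should not be able to go to another user's post/profile and edit it just by typing in the edit URL pattern.

Here is my view: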

class UserEditProfileView(LoginRequiredMixin,UpdateView):
    login_url = '/login/'
    model = UserProfile
    fields = [
            'first_name',
            'profile_pic',
            'location',
            'title',
            'user_type',
            'about',
            'website',
            'twitter',
            'dribbble',
            'github'
            ]
    template_name_suffix = '_edit_form'

    def qet_queryset(self,request):
        current_user = request.user.id
        url_args = request.resolver_match.kwargs.pk

        if current_user != url_args:
            reverse('index')

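I have the get_queryset function with an if statement inside it that checks whether the currently logged-in user is the owner of the profile they are trying to edit, and redirects if not. But it doesn't do anything... How do I go about implementing this?

Update

View: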

class UserEditProfileView(LoginRequiredMixin,UpdateView):
    login_url = '/login/'
    model = UserProfile
    form_class = UserProfileForm
    template_name = 'users/userprofile_edit_form.html'

    def get_object(self):
        return User.objects.get(username=self.request.user.username)

    def get_success_url(self):
        userid = self.kwargs['pk']
        return reverse_lazy('users:user_profile',kwargs={'pk': userid})

URLs:

from django.conf.urls import url
from users import views

app_name = 'users'

urlpatterns = [
    url(r'^$',views.UserListView.as_view(),name='user_list'),
    url(r'^(?P<pk>\d+)/$',views.detailprofile,name='user_profile'),
#   url(r'^(?P<pk>\d+)/edit$',views.UserEditProfileView.as_view(),name='user_profile_edit'),
    url(
    regex=r'^profile/$',
    view=views.UserEditProfileView.as_view(),
    name='profile'
),
]

Update 2

Userprofile_detail.html Template:

{% extends "base.html" %}

{% block content %}
    <div class="sidebar-userinfo">
        {% if user.userprofile.profile_pic %}
            <img class="profile-pic" src="{{ user.userprofile.profile_pic.url }}">
        {% else %}
            <img class="profile-pic" src="../../../media/profile_pics/default_pro_pic.png">
        {%endif%}

        <div class="profile-top-info">
            <h2 class="profile-name">{{ user.userprofile.first_name }}</h2>
            {% if user.userprofile.location %}
                <p class="profile-info small-text">{{ user.userprofile.location }}</p>
            {% endif %}
        </div>

        <div class="profile-info-group">
            <p class="accent list-text">Title:</p>
            <p class="profile-info list-text">{{ user.userprofile.title }}</p>

            <p class="accent list-text">Website:</p>
            <p class="profile-info list-text">{{ user.userprofile.website }}</p>

            <p class="accent list-text">I'm a:</p>
            {% if user.userprofile.user_type == '1' %}
                <p class="profile-info list-text">Designer</p>
            {% elif user.userprofile.user_type == '2' %}
                <p class="profile-info list-text">Developer</p>
            {% else %}
                <p class="profile-info list-text">Both</p>
            {% endif %}

            {% if user.userprofile.about %}
                <p class="accent list-text">About Me:</p>
                <p class="profile-info list-text">{{ user.userprofile.about }}</p>
            {% endif %}

            <p class="accent list-text">Member Since:</p>
            <p class="profile-info list-text">{{ user.userprofile.join_date }}</p>

            {% if user.userprofile.twitter %}
                <p class="accent list-text">Twitter:</p>
                <p class="profile-info list-text">{{ user.userprofile.twitter }}</p>
            {% endif %}

            {% if user.userprofile.dribbble %}
                <p class="accent list-text">Dribbble:</p>
                <p class="profile-info list-text">{{ user.userprofile.dribbble }}</p>
            {% endif %}

            {% if user.userprofile.github %}
                <p class="accent list-text">Git Hub:</p>
                <p class="profile-info list-text">{{ user.userprofile.github }}</p>
            {% endif %}

        </div>

        {% if request.user.is_authenticated %}
            <a class="link" href="{% url 'users:user_profile_edit' %}">Edit Profile</a>
        {% endif %}
    </div>

    <div class="content-right">
        {% if user.is_authenticated %}
            <a class="btn float-right" href="{% url 'feed:new_post' %}">New Post</a>
        {% endif %}
        {% include 'feed/userpost_list_inner.html' %}
    </div>


{% endblock %}

Userprofile_edit_form.html Template:

{% extends "users/base.html" %}

{% block content %}

    <div class="form-title">
        <h2 class="form-title-text">Edit Profile</h2>
    </div>

    <div class="user-forms-base">
        <form method="POST" enctype="multipart/form-data">
            {% csrf_token %}
            {{ form.as_p }}
            <input class="btn" type="submit" value="Save" />
        </form>
</div>

{% endblock %}

3 answers:

Answer 0 (score: 2)

Sam Bobel is correct, and here is the code solution for the profile issue:

forms.py

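from django import forms

from .models import UserProfile  # assumes UserProfile lives in this app's models.py


# Named UserProfileForm so that it matches the form_class used in views.py
class UserProfileForm(forms.ModelForm):

    class Meta:
        model = UserProfile
        fields = [
            'first_name',
            'profile_pic',
            'location',
            'title',
            'user_type',
            'about',
            'website',
            'twitter',
            'dribbble',
            'github'
        ]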

urls.py

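from django.conf.urls import url
from users import views

# No pk in the pattern: the view decides whose profile is edited
urlpatterns = [
    url(
        regex=r'^profile/$',
        view=views.UserEditProfileView.as_view(),
        name='profile'
    ),
]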

views.py

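from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic import UpdateView

from .forms import UserProfileForm

class UserEditProfileView(LoginRequiredMixin, UpdateView):
    form_class = UserProfileForm
    template_name = 'users/userprofile_edit_form.html'

    def get_object(self):
        # Only get the profile of the user making the request. The form's model is
        # UserProfile, so return that record (the templates reach it as user.userprofile).
        return self.request.user.userprofile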

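Answer 1 (score: 1)

I would go about it a slightly different way. You really don't want those URLs to exist, because you don't want to tempt users into changing the number. Instead, I wouldn't pass a PK to the URL at all, and would just fetch the current user by overriding the get_object method to use request.user.id.

For details, see Here

Let me know if clarification would help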

Answer 2 (score: 0)

You can use a decorator.

from functools import wraps

def your_decorator(view_func):
    @wraps(view_func)
    def wrapped(request, *args, **kwargs):
        # ...do your conditions here; if they fail, the redirection takes place here
        return view_func(request, *args, **kwargs)

    return wrapped

Just use the decorator.
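
The decorator approach from the last answer with the ownership condition filled in, as an added example that is not part of the original question or answers. The names `owner_required`, `edit_profile` and `try_edit` are hypothetical, and the request object is a constructed stand-in, so the block runs without a Django project.

```python
from functools import wraps
from types import SimpleNamespace

try:
    from django.core.exceptions import PermissionDenied  # Django answers with HTTP 403
except ImportError:  # fallback so the example also runs where Django is not installed
    class PermissionDenied(Exception):
        pass


def owner_required(view_func):
    """Run the view only when the pk in the URL belongs to the logged-in user."""
    @wraps(view_func)
    def wrapped(request, *args, **kwargs):
        try:
            # A capture such as (?P<pk>\d+) arrives as a string while
            # request.user.id is an int, so convert before comparing.
            requested_pk = int(kwargs["pk"])
        except (KeyError, TypeError, ValueError):
            raise PermissionDenied("no usable pk in the URL")
        if not request.user.is_authenticated or request.user.id != requested_pk:
            # Raising ends the request here. Calling reverse('index') and
            # discarding the result, as in the question, changes nothing.
            raise PermissionDenied("not the owner of this profile")
        return view_func(request, *args, **kwargs)
    return wrapped


@owner_required
def edit_profile(request, pk):
    # Hypothetical view body; a real view would render and save the edit form.
    return "editing profile %s" % pk


def try_edit(user_id, pk):
    """Call the protected view with a constructed request and report the outcome."""
    request = SimpleNamespace(user=SimpleNamespace(id=user_id, is_authenticated=True))
    try:
        return edit_profile(request, pk=pk)
    except PermissionDenied:
        return "denied"
```

For the class-based view in the question, the same check can be attached with Django's `method_decorator` on `dispatch`, or avoided entirely by dropping the pk from the URL as the other answers suggest.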