django Authentification中的网址问题
这是我的应用 urls.py
from django.urls import path, re_path
from . import views
app_name = 'music'
urlpatterns = [
path('register/', views.register, name='register'),
path('login_user/', views.login_user, name='login_user'),
path('logout_user/', views.logout_user, name='logout_user'),
#path('<int:album_id>/', views.detail, name='detail'),
path('<int:pk>/', views.DetailView.as_view(), name='detail'),
#re_path(r'^(?P<album_id>[0-9]+)/$', views.detail, name='detail'),
#path('<int:album_id>/favorite/', views.favorite, name='favorite'),
path('album/add', views.AlbumCreate.as_view(), name='album-add'),
path('album/<int:pk>/', views.AlbumUpdate.as_view(), name='album-update'),
path('album/<int:pk>/delete/', views.AlbumDelete.as_view(), name='album-delete'),
path('index/', views.IndexView.as_view(), name='index'),
path('', views.login_user)
# path('', views.index, name='index'),
]
这是我的 views.py 文件
from django.shortcuts import render, redirect
from django.contrib.auth import authenticate, login, logout
from django.views import generic
from django.views.generic import View
from django.views.generic.edit import CreateView, UpdateView, DeleteView
from django.urls import reverse_lazy
from django.contrib.auth.decorators import login_required
from .models import Album, Song
from django.db.models import Q
from .forms import UserForm
class IndexView(generic.ListView):
template_name = 'music/index.html'
def get_queryset(self):
return Album.objects.all()
class DetailView(generic.DetailView):
model = Album
template_name = 'music/detail.html'
class AlbumCreate(CreateView):
model = Album
fields = ['artist', 'alum_title', 'genre', 'album_logo']
class AlbumUpdate(UpdateView):
model = Album
fields = ['artist', 'alum_title', 'genre', 'album_logo']
class AlbumDelete(DeleteView):
model = Album
success_url = reverse_lazy('music:index')
@login_required(login_url="/login_user/")
class UserFormView(View):
form_class = UserForm
template_name = 'music/registration_form.html'
def get(self, request):
form = self.form_class(None)
return render(request, self.template_name,{'form':form})
def post(self, request):
form = self.form_class(request.POST)
if form.is_valid():
user = form.save(commit=False)
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user.set_password(password)
user.save()
user = authenticate(username=username, password=password)
if user is not None :
if user.is_active:
login(request, user)
return redirect('music:index')
return render(request, self.template_name,{'form' : form})
context = {
"form": form,
}
return render(request, 'music/registration_form.html', context)
def logout_user(request):
logout(request)
form = UserForm(request.POST or None)
context = {
"form": form,
}
return render(request, 'music/login.html', context)
def login_user(request):
if request.method == "POST":
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
albums = Album.objects.filter(user=request.user)
return render(request, 'music/index.html', {'albums': albums})
else:
return render(request, 'music/login.html', {'error_message': 'Your account has been disabled'})
else:
return render(request, 'music/login.html', {'error_message': 'Invalid login'})
else:
return render(request, 'music/login.html')
def register(request):
form = UserForm(request.POST or None)
if form.is_valid():
user = form.save(commit=False)
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user.set_password(password)
user.save()
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
albums = Album.objects.filter(user=request.user)
return render(request, 'music/index.html', {'albums': albums})
context = {
"form": form,
}
return render(request, 'music/register.html', context)
这是我的 models.py 文件
from django.contrib.auth.models import Permission, User
from django.db import models
from django.urls import reverse
class Album(models.Model):
user = models.ForeignKey(User, on_delete=models.CASCADE, default=1)
artist = models.CharField(max_length=20)
alum_title = models.CharField(max_length=20)
genre = models.CharField(max_length=10)
album_logo = models.FileField()
def get_absolute_url(self):
return reverse('music:detail', kwargs={'pk':self.pk})
def __str__(self):
return self.alum_title + self.artist
class Song(models.Model):
album = models.ForeignKey(Album, on_delete=models.CASCADE)
file_type = models.CharField(max_length=10)
song_title = models.CharField(max_length=20)
is_favorite = models.BooleanField(default=False)
def __str__(self):
return self.song_title
我的问题是,当我注销并尝试使用网址时,它会记录,但用户会话已结束 我尝试用 login_required 来解决问题,但是没有人能帮我解决这个问题吗?
答案 0 :(得分:0)
我想我明白你在问什么。因此,当您注销然后尝试访问仅权限页面时,您仍然可以获得访问权限。
首先 - 不确定是否存在问题,但我认为应该有一个尾随&#34;,&#34;在您的urlpatterns中为login_user。
第二 - 如果您使用的是django用户模型,为什么要创建这些复杂的视图方法? Django可以自己处理所有这些,在views.py文件中将它全部推到一边似乎很麻烦。你需要的只是一些html文件来呈现它。
我强烈建议您查看本教程的Setting Up Your Authentication Views部分,因为它通过一个非常好地设置用户的示例,然后您可以从views.py中删除登录和注销方法,并且只有使用&#34; @ login_required&#34;对于要限制访问的页面。
如果有帮助,请告诉我。