Django自定义登录页面条件不起作用

时间:2018-12-04 10:24:20

标签: django django-views

我有2个登录页面-login_adminlogin_user分别是管理员和普通用户。

当用户在login_adminlogin_user页中输入用户名和密码时,它将检查用户is_staffTrue还是False。 如果用户is_staff = True,则允许用户登录管理页面。

我的问题是:尽管is_staff = True,但用户无法登录到管理页面。尽管is_staff = True,但用户仍可以登录到普通用户页面。我不知道问题出在哪里。

这是我在views.py中的代码:

def login_admin(request):
    context = {}
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        if username and password:
            user = authenticate(username=username, password=password)
            if user:
                if request.user.is_staff:
                    login(request, user)
                    return redirect('/home/')
                else:
                    context['error'] = "You are authenticated but are not authorized to access this page. Would you like to login to a different account?"
                    return render(request, 'registration/login.html',context)
            else:
                context['error'] = "Invalid username or password!"
                return render(request, 'registration/login.html',context)
    return render(request, 'registration/login.html')

def login_user(request):
    context = {}
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        if username and password:
            user = authenticate(username=username, password=password)
            if user:
                if not request.user.is_staff:
                    login(request, user)
                    return redirect('/cust/home/')
                else:
                    context['error'] = "Invalid username or password!"
                    return render(request, 'registration/custlogin.html',context)
            else:
                context['error'] = "Invalid username or password!"
                return render(request, 'registration/custlogin.html',context)
    return render(request, 'registration/custlogin.html')

login.html 

{% extends 'base.html' %}

{% block title %}Login{% endblock %}

{% block content %}
<h2>Admin Login Screen</h2>
<a href="{% url 'login_user' %}">Customer Login Page</a>
<form method="post">
  {% csrf_token %}
  <table cellpadding="10">
      <tr>
          <td><label for="usename">Username: </label></td>
          <td><input type="text" name="username" id="username" required></td>
      </tr>
      <tr>
          <td><label for="password">Password: </label></td>
          <td><input type="password" name="password" id="password" required></td>
      </tr>
      <p style="color:red; font-weight: bold">{{ error }}</p>
  </table>
  <button type="submit" class="btn btn-primary">Login</button>
</form>
{% endblock %}

url.py 

url(r'accounts/login/', customers.views.login_admin,name='login_admin'),
url(r'accounts/custlogin/', customers.views.login_user,name='login_user'),
url(r'accounts/logout/', customers.views.logout_user,name='logout_user'),

已更新

当is_staff = True / False时,我无法登录到管理页面,这将返回错误You are authenticated but are not authorized to access this page. Would you like to login to a different account?,该错误代码是用我的代码编写的,但是当is_staff = True / False时,则可以登录用户页面。 如果我删除if user.is_staff,则适用于管理员和普通用户。

urls.py 

url(r'^accounts/login/$', customers.views.login_admin,name='login_admin'),
url(r'^accounts/custlogin/$', customers.views.login_user,name='login_user'),
url(r'^accounts/logout/$', customers.views.logout_user,name='logout_user'),

更新的V2:

我已经尝试了@Rarblack编写的代码,但仍然收到错误:'QuerySet' object has no attribute 'is_staff'

所以我修改了代码,它可以正常工作。

from django.contrib.auth.models import User

if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        if username and password:
            user = authenticate(username=username, password=password)
            if user:
                            user_instance = User.objects.filter(Q(username_exact=username) & Q(is_staff=True))
                if user_instance:
                    login(request, user)
                    return redirect('/home/')
                else:
                     ....

2 个答案:

答案 0 :(得分:1)

从代码中可以看到,您正在从登录表单中获取密码和用户名,并且您的实现不正确。您应该使用django表单或ModelForm并从1. Number one Number two Number three Number four 字典获取输入。应该是这样的:

            VariableValue listorderlinenames = factory.Variables.FirstOrDefault(x => x.Name == "[Offer.Orderline.OrderLineNames]");
            Paragraph foundlistorderlinenames = factory.Document.Paragraphs.Where(x => x.Text.IndexOf(listorderlinenames.Name) >= 0).FirstOrDefault();
            foreach (Orderline orderline in offer.OrderLines)
            {
                foundlistorderlinenames.IndentationBefore = 3;
                foundlistorderlinenames.Append(counter + 1 + ". " + orderline.Name);
                foundlistorderlinenames.Append("\r\n");
            }

当我们谈到您的问题时,问题出在这一部分:

cleaned_data

您正在做的基本上是让编外人员进入。将其更改为:

 if request.method == 'POST':
        form = ExampleForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data'password']
            if username and password:
                user = authenticate(username=username, password=password) 
                ......

EIDT::您在if not request.user.is_staff: login(request, user) return redirect('/cust/home/') 方法中缺少请求部分,请尝试以下操作:

if request.user.is_staff:
                    login(request, user)
                    return redirect('/cust/home/')

问题在于您无法检查任何用户的职员身份,因为那时没有任何用户登录进行检查。因此request.user将不会返回用户。但是您可以尝试以下方法:

authenticate()

答案 1 :(得分:0)

在两个视图中都使用if not request.user.is_staff:。对于login_admin,如果只希望员工能够登录,则应将其更改为:

if request.user.is_staff:
相关问题
最新问题