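Users can see each other's posts. I used the @loginrequired decorator, but it didn't work

Date: 2019-02-11 18:02:25

Tags: python django

I want a logged-in user to see only his own posts. But on my website, users can see all the posts published by any user.

Here is the GitHub link: https://github.com/ualmaz/post. You are welcome to clone it and check if needed.

I tried using the @loginrequired decorator. But it didn't work.

My models.py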

from django.db import models
from django.utils import timezone
from django.contrib.auth.models import AbstractUser
from PIL import Image
from django.db.models.signals import post_save


class User(AbstractUser):
    first_name = models.CharField(verbose_name="First name", max_length=255)
    last_name = models.CharField(verbose_name="Last name", max_length=255)
    country = models.CharField(verbose_name="Country name", max_length=255)
    city = models.CharField(verbose_name="City name", max_length=255)
    email = models.EmailField(verbose_name="Email", max_length=255)

    def __str__(self):
        return self.username

class Post(models.Model):
    title = models.CharField(max_length=255)
    country = models.CharField(max_length=255)
    city = models.CharField(max_length=255)
    address = models.CharField(max_length=255)
    email = models.EmailField(max_length=255)
    phone = models.CharField(max_length=255)
    website = models.CharField(max_length=255)
    date_posted = models.DateTimeField(default=timezone.now)
    author = models.ForeignKey(User, on_delete=models.CASCADE)

    def __str__(self):
        return self.title




class Profile(models.Model):
    user = models.OneToOneField(User, on_delete=models.CASCADE)
    image = models.ImageField(default='default.jpg', upload_to='profile_pics')

    def __str__(self):
        return f'{self.user.username} Profile'

def create_profile(sender, **kwargs):
    if kwargs['created']:
        user_profile = Profile.objects.create(user=kwargs['instance'])

post_save.connect(create_profile, sender=User)

My views.py


from django.shortcuts import render, redirect
from django.urls import reverse_lazy
from django.contrib.auth.decorators import login_required
from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic import CreateView, DetailView
from .forms import UserCreationModelForm, UserUpdateForm, ProfileUpdateForm
from .models import User, Profile, Post
from django.http import HttpResponse

class UserRegistrationView(CreateView):
    form_class = UserCreationModelForm
    success_url = reverse_lazy('login')
    template_name = 'users/registration.html'

class CabinetView(LoginRequiredMixin, DetailView):
    model = User

    def get_object(self):
        return self.request.user

@login_required
def blog(request):

    context = {
            'posts': Post.objects.all()
    }
    return render(request, 'users/post_list.html', context)



def home(request):
    return render(request, 'registration/home.html')

My urls.py

from django.urls import path
from .views import UserRegistrationView, CabinetView
from . import views

app_name = 'users'

urlpatterns = [
    path('accounts/register/', UserRegistrationView.as_view(), name='register'),
    path('accounts/cabinet/', CabinetView.as_view(), name='cabinet'),
    path('', views.home, name='home'),
    path('accounts/cabinet/blog/', views.blog, name='blog'),

]

My post_list.html

{% extends 'shared/base.html' %}
{% load staticfiles %}
{% load crispy_forms_tags %}


{% block content %}

<br>
<br>
<div class="container mt-5">
        {% for post in posts %}
    <table class="table table-hover">
       <tbody>
        <tr>
          <th>Name: </th>
            <td>{{ post.title }}1</td>
        </tr>
        <tr>
          <th>Country: </th>
            <td>{{ post.country }}</td>
        </tr>
        <tr>
          <th>City: </th>
            <td>{{ post.city }}</td>
        </tr>
        <tr>
          <th>Address: </th>
            <td>{{ post.address }}</td>
        </tr>
        <tr>
          <th>Email: </th>
            <td>{{ post.email }}</td>
        </tr>
        <tr>
          <th>Phone: </th>
            <td>{{ post.phone }}</td>
        </tr>
        <tr>
          <th>Website: </th>
            <td>{{ post.website }}</td>
        </tr>
    </tbody>
</table>
{% endfor %}

</div>
</div>
</div>
</div>
</div>

{% endblock %}

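I want each user to be able to see only their own posts.

1 Answer:

Answer 0: (score: 5)

There is a problem in the view function: the posts should be filtered by the request user (the currently logged-in user).

The loginrequired decorator / django.contrib.auth.middleware.AuthenticationMiddleware places the corresponding User object as the user attribute of the request dictionary, so you can easily access it in your view function.

Like this: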

@login_required
def blog(request):
    context = {
        'posts': Post.objects.filter(author=request.user)
    }
    return render(request, 'users/post_list.html', context)