Django基于类的DeleteView示例

时间:2011-04-03 17:36:54

标签: django django-views django-class-based-views

有没有人知道或者可以请任何人制作Django基于类的通用DeleteView的简单示例?我想子类化DeleteView并确保当前登录的用户在删除之前拥有该对象的所有权。任何帮助将非常感谢。提前谢谢。

4 个答案:

答案 0 :(得分:58)

这是一个简单的问题:

from django.views.generic import DeleteView
from django.http import Http404

class MyDeleteView(DeleteView):
    def get_object(self, queryset=None):
        """ Hook to ensure object is owned by request.user. """
        obj = super(MyDeleteView, self).get_object()
        if not obj.owner == self.request.user:
            raise Http404
        return obj

注意事项:

  • DeleteView不会删除GET次请求;这是您提供确认模板(您可以在template_name类属性中提供名称)的机会,其中“是我确定”按钮POST到此视图
  • 您可能更喜欢404的错误消息?在这种情况下,请改写delete方法,在get_object调用后检查权限并返回自定义响应。
  • 不要忘记提供与(可选自定义的)success_url类属性匹配的模板,以便用户可以确认该对象已被删除。

答案 1 :(得分:43)

我基本上已经对一些基于通用类的视图进行了细分。主要的区别是我刚刚过滤掉了查询集。我无法保证这种方法是好还是坏,但对我来说更有意义。

随意忽略“MessageMixin” - 这就是使用Django Messaging Framework轻松呈现消息的w /为每个视图指定的变量。这是我为我们的网站编写的代码:

浏览

from django.views.generic import CreateView, UpdateView, \
        DeleteView, ListView, DetailView

from myproject.core.views import MessageMixin

class RequestCreateView(MessageMixin, CreateView):
    """ 
    Sub-class of the CreateView to automatically pass the Request to the Form. 
    """
    success_message = "Created Successfully"

    def get_form_kwargs(self):
        """ Add the Request object to the Form's Keyword Arguments. """
        kwargs = super(RequestCreateView, self).get_form_kwargs()
        kwargs.update({'request': self.request})
        return kwargs

class RequestUpdateView(MessageMixin, UpdateView):
    """
    Sub-class the UpdateView to pass the request to the form and limit the
    queryset to the requesting user.        
    """
    success_message = "Updated Successfully"

    def get_form_kwargs(self):
        """ Add the Request object to the form's keyword arguments. """
        kwargs = super(RequestUpdateView, self).get_form_kwargs()
        kwargs.update({'request': self.request})
        return kwargs

    def get_queryset(self):
        """ Limit a User to only modifying their own data. """
        qs = super(RequestUpdateView, self).get_queryset()
        return qs.filter(owner=self.request.user)

class RequestDeleteView(MessageMixin, DeleteView):
    """
    Sub-class the DeleteView to restrict a User from deleting other 
    user's data.
    """
    success_message = "Deleted Successfully"

    def get_queryset(self):
        qs = super(RequestDeleteView, self).get_queryset()
        return qs.filter(owner=self.request.user)

用法

然后,您可以轻松创建自己的视图以使用此类功能。例如,我只是在我的urls.py中创建它们:

from myproject.utils.views import RequestDeleteView

#...

url(r'^delete-photo/(?P<pk>[\w]+)/$', RequestDeleteView.as_view(
                   model=Photo,
                   success_url='/site/media/photos',
                   template_name='site/media-photos-delete.html',
                   success_message='Your Photo has been deleted successfully.'
                   ), name='fireflie-delete-photo-form'),

表单

需要注意的重要事项:我已经重载了那些get_form_kwargs()方法,以便为我的Forms提供一个'request'实例。如果您不希望将Request对象传递给Form,只需删除那些重载的方法。如果您想使用它们,请遵循以下示例:

from django.forms import ModelForm

class RequestModelForm(ModelForm):
    """
    Sub-class the ModelForm to provide an instance of 'request'.
    It also saves the object with the appropriate user.
    """
    def __init__(self, request, *args, **kwargs):
        """ Override init to grab the request object. """
        self.request = request
        super(RequestModelForm, self).__init__(*args, **kwargs)

    def save(self, commit=True):
        m = super(RequestModelForm, self).save(commit=False)
        m.owner = self.request.user
        if commit:
            m.save()
        return m

这比您要求的要多一些 - 但它也有助于了解如何对创建和更新视图执行相同操作。这种相同的通用方法也可以应用于ListView&amp;的DetailView。

MessageMixin

万一有人想要我使用的MessageMixin。

class MessageMixin(object):
    """
    Make it easy to display notification messages when using Class Based Views.
    """
    def delete(self, request, *args, **kwargs):
        messages.success(self.request, self.success_message)
        return super(MessageMixin, self).delete(request, *args, **kwargs)

    def form_valid(self, form):
        messages.success(self.request, self.success_message)
        return super(MessageMixin, self).form_valid(form)

答案 2 :(得分:4)

最简单的方法是预过滤查询集:

from django.views.generic import DeleteView


class PostDeleteView(DeleteView):
    model = Post
    success_url = reverse_lazy('blog:list_post')

    def get_queryset(self):
        owner = self.request.user
        return self.model.objects.filter(owner=owner)

答案 3 :(得分:0)

我建议最好(也是最简单)的方法是使用UserPassesTestMixin,让您更清晰地分离关注点。

示例:

from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.views.generic import DeleteView


class MyDeleteView(LoginRequiredMixin, UserPassesTestMixin, DeleteView):
    def test_func(self):
        """ Only let the user access this page if they own the object being deleted"""
        return self.get_object().owner == self.request.user
相关问题
最新问题