如何在Django中对特定用户和特定项目使用deleteview?

问题描述 投票:0回答:2

我有这些模型。每个回复可以没有、一个或多个帖子。帖子是特定于用户的。如何创建删除视图,以便用户只能删除自己的帖子,而不能删除其他人回复的帖子。 我尝试了很多次,但我的观点是删除其他用户的帖子。意味着任何用户都可以删除任何其他用户的帖子。 我想在每个帖子旁边创建一个按钮来删除,但按钮应该只有那些写过帖子的人才能看到。

class Reply(models.Model):
    User = models.ForeignKey(settings.AUTH_USER_MODEL)
    Question = models.ForeignKey(Doubt, on_delete=models.CASCADE)
    reply = models.TextField(max_length=40000)
    last_updated = models.DateTimeField(auto_now_add=True)
    image = models.ImageField(upload_to = upload_image_path, null = True, blank = True)
    created_at = models.DateTimeField(auto_now_add=True)

    def Post(self):
        return reverse("community:post", kwargs={"pk": self.pk})



class Post(models.Model):
    post = models.TextField(max_length=4000)
    reply = models.ForeignKey(Reply, on_delete = models.CASCADE)
    created_at = models.DateTimeField(auto_now_add=True)
    time = models.DateTimeField(null=True)
    User = models.ForeignKey(settings.AUTH_USER_MODEL)
python django view
2个回答
5
投票

如果您在 

AuthenticationMiddleware
中启用了 
settings.py
,则视图函数中的请求对象将包含用户模型。您的视图将如下所示:

from django import http

def get_post_from_request(request):
    ... something to pull up the post object from the request ...
    return the_post

def delete_post(request):
    the_post = get_post_from_request(request)
    if request.user == the_post.User:
        the_post.delete()
        return http.HttpResponseRedirect("/your/success/url/")
    else:
        return http.HttpResponseForbidden("Cannot delete other's posts")

如果您使用基于通用类的视图,您的视图可能看起来更像这样:

from django.views.generic import DeleteView
from django import http

class PostView(DeleteView):
    model = Post
    success_url = '/your/success/url/'

    # override the delete function to check for a user match
    def delete(self, request, *args, **kwargs):
        # the Post object
        self.object = self.get_object()
        if self.object.User == request.user:
            success_url = self.get_success_url()
            self.object.delete()
            return http.HttpResponseRedirect(success_url)
        else:
            return http.HttpResponseForbidden("Cannot delete other's posts")

如果您需要帮助导航基于类的视图(它们具有密集的继承层次结构),我可以推荐 http://ccbv.co.uk - 它们在“删除”视图上的细分位于 此处

0
投票

对于基于类的视图,逻辑应该在 form_valid() 中才能工作,而不是在 delete() 中。如果逻辑放入delete()中,终端将抛出警告:

 DeleteView uses FormMixin to handle POST requests. As a consequence, any custom deletion logic in MonitorDeleteView.delete() handler should be moved to form_valid().

只需将其放入 form_valid() 即可修复警告并使代码正常工作:

from django.views.generic import DeleteView
from django import http

class PostDeleteView(DeleteView):
    model = Post
    success_url = '/your/success/url/'

    # override the form_valid function to check for a user match
    def form_valid(self, form):
        self.object = self.get_object()
        if self.object.User == request.user:
            success_url = self.get_success_url()
            self.object.delete()
            return http.HttpResponseRedirect(success_url)
        else:
            return http.HttpResponseForbidden("Cannot delete other's posts")
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.