我有一个API,在其中,如果不允许用户访问它,则将其重定向到另一个视图,以及添加到请求会话的用户消息,并使用django消息框架使用该信息在模板中显示消息。 在此过程中,当我在重定向视图中查看时,从一个视图传递的会话数据会丢失。仅在生产环境中会发生这种情况。
这里是代码。
视图-
def data_asset_alert_track(request, edf_data_asset_id):
data_asset = EdfDataAsset.objects.get(data_asset_id=edf_data_asset_id)
x_app_role = access_control.get_xapp_role(request)
roles = access_control.get_roles(x_app_role)
user = User.objects.get(username=request.user)
is_edit_permitted = (access_control.has_edit_all_access(roles, 'edfdataasset'))\
or (True if data_asset.owner_id and data_asset.owner.owner_id == user.username else False)\
or (access_control.is_auth_user(data_asset.owner, user) if data_asset.owner_id else False)
if not is_edit_permitted:
request.session['message'] = 'Unauthorized Action: Edit DataAsset - %s not permitted'%data_asset.data_asset_name
return HttpResponseRedirect(reverse('data_assets'))
if data_asset.alert_fl is False:
data_asset.alert_fl = 'True'
else:
data_asset.alert_fl = 'False'
data_asset.save()
return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/'))
Redirected to view-
def data_assets(request):
if 'message' in request.session:
logr.info("There is a message")
messages.add_message(request, messages.ERROR, "A trial message")
data_asset_list = EdfDataAsset.objects.select_related('provider').order_by('data_asset_name')
field_filter = DataAssetFilter(request.GET, queryset=data_asset_list)
context = {'data_asset_list': data_asset_list, 'filter': field_filter, }
return render(request, 'edf/data_assets.html', context)
这在所有开发和测试环境中都可以正常工作。可能是什么问题?
我尝试在settings.py中添加这两个设置。仍然不起作用
MESSAGE_STORAGE ='django.contrib.messages.storage.session.SessionStorage'
SESSION_COOKIE_SECURE = False
HttpResponseRedirect时,我认为您的请求不会通过中间件发送-这意味着您的会话将不会保存。为了正确处理此问题,建议您使用Django的
。直接进入您的data_asset_alert_track视图。
应该在您看来
def data_asset_alert_track(request, edf_data_asset_id):
data_asset = EdfDataAsset.objects.get(data_asset_id=edf_data_asset_id)
x_app_role = access_control.get_xapp_role(request)
roles = access_control.get_roles(x_app_role)
user = User.objects.get(username=request.user)
is_edit_permitted = (access_control.has_edit_all_access(roles, 'edfdataasset'))\
or (True if data_asset.owner_id and data_asset.owner.owner_id == user.username else False)\
or (access_control.is_auth_user(data_asset.owner, user) if data_asset.owner_id else False)
if not is_edit_permitted:
messages.add_message(request, messages.ERROR, 'Unauthorized Action: Edit DataAsset - %s not permitted')
return HttpResponseRedirect(reverse('data_assets'))
if data_asset.alert_fl is False:
data_asset.alert_fl = 'True'
else:
data_asset.alert_fl = 'False'
data_asset.save()
return HttpResponseRedirect(request.META.get('HTTP_REFERER', '/'))
在您的重定向视图中
def data_assets(request): data_asset_list = EdfDataAsset.objects.select_related('provider').order_by('data_asset_name') field_filter = DataAssetFilter(request.GET, queryset=data_asset_list) context = {'data_asset_list': data_asset_list, 'filter': field_filter, } return render(request, 'edf/data_assets.html', context)