django - 在 django-generic-views 中隐藏某些用户的用户数据
问题描述
我的目标是允许用户使用嵌套的 Task 实例创建自己的 Project 实例。其他用户不应有权访问不是他们创建的数据。我怎样才能正确地做到这一点?我为 编写了一个自定义查询集ProjectListView,但其他视图有问题。也许这种情况有一个通用的解决方案?
模型.py
class Project(models.Model):
project_name = models.CharField(max_length=150, default='')
user = models.ForeignKey(get_user_model(), null=True, on_delete=models.CASCADE)
class Task(models.Model):
project = models.ForeignKey(Project, on_delete=models.CASCADE)
task_name = models.CharField(max_length=250, default='')
is_done = models.BooleanField(default=False)
视图.py
class ProjectListView(LoginRequiredMixin, ListView):
model = Project
context_object_name = 'projects'
def get_queryset(self):
return Project.objects.filter(user=self.request.user)
class ProjectCreateView(LoginRequiredMixin, CreateView):
model = Project
fields = ('project_name',)
success_url = reverse_lazy('projects')
class ProjectUpdateView(LoginRequiredMixin, UpdateView):
model = Project
fields = ('project_name',)
template_name = 'backend/project_update_form.html'
success_url = reverse_lazy('projects')
class ProjectDeleteView(LoginRequiredMixin, DeleteView):
model = Project
success_url = reverse_lazy('projects')
class TaskCreateView(LoginRequiredMixin, CreateView):
model = Task
fields = '__all__'
success_url = reverse_lazy('projects')
class TaskUpdateView(LoginRequiredMixin, UpdateView):
model = Task
fields = ('task_name', 'is_done',)
template_name = 'backend/task_update_form.html'
success_url = reverse_lazy('projects')
class TaskDeleteView(LoginRequiredMixin, DeleteView):
model = Task
success_url = reverse_lazy('projects')
结果:
class TaskCreateView(LoginRequiredMixin, TaskMixin, CreateView):
model = Task
fields = '__all__'
success_url = reverse_lazy('projects')
def get_form(self, *args, **kwargs):
form_class = super().get_form(form_class=None)
form_class.fields['project'].choices =\
[(project.pk, project) for project in Project.objects.filter(user=self.request.user)]
return form_class
解决方案
您可以将该自定义查询集移动到mixin:
# mixins.py
class ProjectMixin(object):
def get_queryset(self):
return Project.objects.filter(user=self.request.user)
class TaskMixin(object):
def get_queryset(self):
return Task.objects.filter(project__user=self.request.user)
# views.py
class ProjectListView(LoginRequiredMixin, ProjectMixin, ListView):
model = Project
context_object_name = 'projects'
class ProjectCreateView(LoginRequiredMixin, ProjectMixin, CreateView):
model = Project
fields = ('project_name',)
success_url = reverse_lazy('projects')
class ProjectUpdateView(LoginRequiredMixin, ProjectMixin, UpdateView):
model = Project
fields = ('project_name',)
template_name = 'backend/project_update_form.html'
success_url = reverse_lazy('projects')
class ProjectDeleteView(LoginRequiredMixin, ProjectMixin, DeleteView):
model = Project
success_url = reverse_lazy('projects')
class TaskCreateView(LoginRequiredMixin, TaskMixin, CreateView):
model = Task
fields = '__all__'
success_url = reverse_lazy('projects')
class TaskUpdateView(LoginRequiredMixin, TaskMixin, UpdateView):
model = Task
fields = ('task_name', 'is_done',)
template_name = 'backend/task_update_form.html'
success_url = reverse_lazy('projects')
class TaskDeleteView(LoginRequiredMixin, TaskMixin, DeleteView):
model = Task
success_url = reverse_lazy('projects')
推荐阅读
- google-api - 使用 PHP 为我们的客户创建管理员用户的 Gsuite 经销商 API
- python - 如何对 matplotlib.pyplot.acorr 使用去趋势函数?
- php - yii serve 是否适合在生产环境中托管?
- python - TensorFlow Keras 自定义回调 on_test_begin 不会覆盖自身
- javascript - Javascript:闭包与类存储上下文的优缺点
- php - 如何使用php区分同一html表单中的不同输入
- amazon-web-services - 如何设置 sam-cli 来启动 Alexa 技能 lambda 进行测试?
- scala - 如何递归解析这种树状结构?
- javascript - 如何在 React Js 中显示 CKEditor5 保存的内容
- node.js - 找不到模块:错误:无法解析“文件”或“目录”../../