python - 控制对 UpdateView 中页面的访问

解决方案 1

您可以覆盖View.dispatch()这是任何 HTTP 方法的入口点，以首先检查用户。

dispatch(request, *args, **kwargs)

视图的视图部分——接受请求参数和参数并返回 HTTP 响应的方法。

默认实现将检查 HTTP 方法并尝试委托给与 HTTP 方法匹配的方法；一个 GET 将被委托给get()，一个 POST被委托给 ，post()等等。

class Edit_news(UpdateView):
    ...

    def dispatch(self, request, *args, **kwargs):
        if (
            request.user.is_superuser
            or request.user.has_perm('app.change_news')  # If ever you attach permissions to your users
            or request.user.email.endswith('@teachers.edu.org')  # If the email of teachers are identified by that suffix
            or custom_check_user(request.user)  # If you have a custom checker
        ):
            return super().dispatch(request, *args, **kwargs)
        return HttpResponseForbidden()

    ...

如果您希望它对 HTTP GET 和 HTTP POST 等有所不同，则改为覆盖特定方法。

class django.views.generic.edit.BaseUpdateView

方法

get(request, *args, **kwargs)

post(request, *args, **kwargs)

相关参考：

• 将对象级别权限添加到通用视图

解决方案 2

您还可以尝试UserPassesTestMixin（基于类的user_passes_test实现）。

class Edit_news(UserPassesTestMixin, UpdateView):  # Some mixins in django-auth is required to be in the leftmost position (though for this mixin, it isn't explicitly stated so probably it is fine if not).
    raise_exception = True  # To not redirect to the login url and just return 403. For the other settings, see https://docs.djangoproject.com/en/3.2/topics/auth/default/#django.contrib.auth.mixins.AccessMixin

    def test_func(self):
        return (
            self.request.user.is_superuser
            or self.request.user.has_perm('app.change_news')  # If ever you attach permissions to your users
            or self.request.user.email.endswith('@teachers.edu.org')  # If the email of teachers are identified by that suffix
            or custom_check_user(self.request.user)  # If you have a custom checker
        )

    ...