问Django块访问基于字段的详细视图
EN

Stack Overflow用户

提问于 2017-05-31 06:14:24

回答 1查看 200关注 0票数 0

我有一个confidential字段(布尔值)的详细视图/模板，我希望细节页面只能由工作人员用户(或更高级别)访问。目前，我已通过在模板中添加以下内容来使其工作：

  {% if enzymes.confidential == True %}
    {% if user.is_staff %}
      # confidential data is listed here
    {% else %}
      <p>You do not have access to this page</p>
    {% endif %}
  {% else %}
    # non confidential data is listed here
  {% endif %}

但是，我想知道我是否能把一个过滤器应用到我的观点上？下面列出了我使用的视图(包括一些我尝试过的东西)。

class DetailView(generic.DetailView):
    template_name = 'gts/detail.html'
    model = Enzymes

    # The active get_context_data
    def get_context_data(self, **kwargs):
        context = super(DetailView, self).get_context_data(**kwargs)
        enzyme = context['object']
        activities = Activitydiagram.objects.filter(enzymes=enzyme)
        spectras = Spectraimage.objects.filter(enzymes=enzyme)
        enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
        context['activities'] = activities
        context['spectras'] = spectras
        context['enzymeactivities'] = enzymeactivities
        return context

    # This was my WIP attempt
    """def get_context_data(self, **kwargs):
        context = super(DetailView, self).get_context_data(**kwargs)
        if self.request.user.is_staff:
            enzyme = context['object']
            activities = Activitydiagram.objects.filter(enzymes=enzyme)
            spectras = Spectraimage.objects.filter(enzymes=enzyme)
            enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
            context['activities'] = activities
            context['spectras'] = spectras
            context['enzymeactivities'] = enzymeactivities
        else:
            # TODO: Load only confidential=False enzymes here
            enzyme = context['object']
            activities = Activitydiagram.objects.filter(enzymes=enzyme)
            spectras = Spectraimage.objects.filter(enzymes=enzyme)
            enzymeactivities = Enzymeactivity.objects.filter(enzymes=enzyme)
            context['activities'] = activities
            context['spectras'] = spectras
            context['enzymeactivities'] = enzymeactivities
        return context"""

detailview

django

DNS解析特惠

DNS解析提供智能解析、流量调度、安全防护等服务

回答 1

Stack Overflow用户

回答已采纳

发布于 2017-05-31 06:28:14

一种典型的方法是重写get_queryset方法，如果用户不是工作人员，则过滤查询集。如果非工作人员试图访问机密项目，他们将得到404页。

class DetailView(generic.DetailView):
    template_name = 'gts/detail.html'
    model = Enzymes

    def get_queryset(self):
        queryset = super(DetailView, self).get_queryset()
        if not request.user.is_staff:
            queryset = queryset.filter(confidential=False) 
        return queryset