1

我的应用中有很多基于类的视图。它们中的大多数应该只能由经过身份验证的员工用户访问。如何轻松地为大量基于类的视图添加用户检查?

对于标准功能视图,我添加了如下装饰器:

def only_staff_allowed(fn):
    '''decorator'''
    def wrapped(request, *args, **kwargs):
        if request.user.is_staff:
            return fn(request, *args, **kwargs)
        else:
            return HttpResponseRedirect(reverse('moderator:login'))
    return wrapped

@only_staff_allowed
def dashboard(request):
    ''' now accessible only by staff users '''
    return render(request, 'moderator/dashboard.html', {})

我怎样才能做类似这样的基于类的视图?

class AddressesAddList(ListView):
    template_name = 'moderator/addresses/add_list.html'
    queryset = Address.objects.filter(need_moderating=True)
    paginate_by = 100

我应该添加一些mixin还是覆盖一些方法?或者我可以装饰一些东西吗?

4

3 回答 3

6

实际上,至少有三种方法可以避免装饰dispatch您想要登录的每个视图类的方法。

如果您只有几个这样的视图,您可以在 URLconf 中使用该装饰器,如下所示:

url(r"^protected/$", login_required(ProtectedView.as_view()), name="protected_view"),

或者,如果您要保护更多视图,则更好的是使用LoginRequiredMixinfrom django-braces

from braces.views import LoginRequiredMixin

class ProtectedView(LoginRequiredMixin, TemplateView):
    template_name = 'secret.html'

而且,如果你有很多视图需要保护,你应该使用中间件一举覆盖一堆视图;类似于:

class RequireLoginMiddleware(object):
    """Requires login for URLs defined in REQUIRED_URLS setting."""
    def __init__(self):
        self.urls = tuple([re.compile(url) for url in REQUIRED_URLS])
        self.require_login_path = getattr(settings, 'LOGIN_URL', '/accounts/login/')
    def process_request(self, request):
        if not request.user.is_authenticated() and request.path != self.require_login_path:
            for url in self.urls:
                if url.match(request.path):
                    return HttpResponseRedirect(u"{0}?next={1}".format(self.require_login_path, request.path))
于 2013-05-01T17:43:02.833 回答
4

您应该装饰基于类的视图的调度方法。见下文。

from django.contrib.auth.decorators import login_required
from django.utils.decorators import method_decorator
from django.views.generic import TemplateView

class ProtectedView(TemplateView):
    template_name = 'secret.html'

    @method_decorator(login_required)
    def dispatch(self, *args, **kwargs):
        return super(ProtectedView, self).dispatch(*args, **kwargs)

请参阅此处的文档。

于 2013-05-01T11:44:18.417 回答
2

您可以使用 LoginRequiredMixin。这会将未经身份验证的用户重定向到页面集。

from braces.views import LoginRequiredMixin

class DashboardIndex(LoginRequiredMixin, TemplateView):
    template_name = 'dashboard/index.html'
    login_url = 'action:login' #Where you must set the page else will use default.
    raise_exception = False

https://django-braces.readthedocs.org/en/latest/access.html#loginrequiredmixin

于 2016-04-13T23:21:35.777 回答