Django, Права на удаление записи

Есть приложение на Django4 типа блог, View на основе классов. Редактирование чужих записей запретил переопределив функцию get_form_kwargs: из класса UpdateView

`def get_form_kwargs(self):
    kwargs = super().get_form_kwargs()
    if self.request.user != kwargs['instance'].author:
        return self.handle_no_permission()
    return kwargs `

Для CreateView переопределил функцию form_valid:

`def form_valid(self, form):
    """If the form is valid, save the associated model."""
    form.instance.author = self.request.user
    return super().form_valid(form) `

А как запретить в классе DeleteView доступ на удаление всем кроме автора?

    model = Article
    template_name = 'article_list.html'
    login_url = reverse_lazy('login')


class ArticleEditView(LoginRequiredMixin, UpdateView):
    model = Article
    template_name = 'article_edit.html'
    permission_denied_message = 'Доступ закрыт'
    fields = ['title', 'body']
    login_url = reverse_lazy('login')

    
    def get_form_kwargs(self):
        kwargs = super().get_form_kwargs()
        if self.request.user != kwargs['instance'].author:
            return self.handle_no_permission()
        return kwargs


class ArticleDeleteView(LoginRequiredMixin, DeleteView):
    model = Article
    template_name = 'article_delete.html'
    success_url = reverse_lazy('article_list')
    login_url = reverse_lazy('login')





class ArticleDetailView(LoginRequiredMixin, DetailView):
    model = Article
    template_name = 'article_detail.html'
    login_url = reverse_lazy('login')


class ArticleCreateView(LoginRequiredMixin, CreateView):
    model = Article
    template_name = 'article_new.html'
    fields = ['title', 'body']
    login_url = 'login'

    def form_valid(self, form):
        """If the form is valid, save the associated model."""
        form.instance.author = self.request.user
        return super().form_valid(form)

class ArticleDeleteView(LoginRequiredMixin, DeleteView):
model = Articles
template_name = 'edit_page.html'
success_url = reverse_lazy('edit_page')
success_msg = 'Запись удалена'
def post(self,request,*args,**kwargs):
    messages.success(self.request, self.success_msg)
    return super().post(request)

def form_valid(self, form):
    if self.object.author != self.request.user:
        return redirect('login_page')
    self.object.delete()
    success_url = reverse_lazy('login_page')
    success_msg = 'Запись не удалена!!'
    return HttpResponseRedirect(success_url, success_msg)

не удалось только сообщение получить

Вернуться на верх

Последние вопросы и ответы

How to persist multi-step form data between views in Django without committing to DB?

In new versions of django, after creating/applying migrations/after creating a super-user, the server starts up by itself

iOS/web Auth Client ID Handling for Google Sign In

Flaky Circle CI tests (django): ImportError: cannot import name "task" from "app.tasks" (unknown location)

KeyError 'email' for django-authtools UserCreationForm

Django check at runtime if code is executed under "runserver command" or not

Django REST project doesn’t detect apps inside the “apps” directory when running makemigrations

Cannot query "admin": Must be "ChatMessage" instance in Django

Is it reasonable to use Cloud storage for async webhook processing on Cloud Run

Django ORM: Add integer days to a DateField to annotate next_service and filter it (PostgreSQL)

Django, Права на удаление записи

Последние вопросы и ответы

Рекомендуемые записи по теме