Недавно создал блогсайт, мне нужно руководство по правам пользователей (DJANGO PYTHON MYSQL)
Некоторое время назад я сделал сайт блога на python и django и использовал mysql в качестве базы данных. зрители могут видеть все написанные блоги и комментарии, но чтобы писать блоги и комментарии зрители должны войти или зарегистрироваться ... это все хорошо, но проблема в том, что когда я хочу отредактировать или удалить блог или комментарий, любой вошедший пользователь может редактировать или удалить любой комментарий или блог, я хочу реализовать права пользователей так, чтобы только пользователь, который написал блог / комментарий мог редактировать / удалять его, а не каждый
мои взгляды
from django.shortcuts import render,redirect
from django.contrib.auth.models import User,auth
from django.contrib import messages
from app.models import signup,blog
from app.forms import CommentForm,Blogform
# Create your views here.
def signup1(request):
if request.method == "POST":
Realname = request.POST['realname']
Username = request.POST['username']
sEmail = request.POST['semail']
sPassword = request.POST['spassword']
if User.objects.filter(username=Username).exists():
messages.info(request, "user exists")
return redirect("/")
else:
user = User.objects.create_user(username=Username, email=sEmail, password=sPassword, first_name=Realname)
user.save()
auth.login(request, user)
print("user made")
return redirect("/")
else:
form1 = signup.objects.all()
return render(request, 'Signup.html', {'signup': form1})
def login(request):
if request.method == "POST":
username =request.POST['lgusername']
password =request.POST['lgpassword']
user =auth.authenticate(username=username,password=password)
if user is not None:
auth.login(request,user)
return redirect("/")
else:
messages.info(request,"invalid username or password")
return redirect("/login")
else:
return render(request,"login.html")
def logout(request):
auth.logout(request)
return redirect("/")
def blog1(request):
blogs= blog.objects.all()
return render(request,'blog.html',{'blogs':blogs})
def blogdetail(request ,slug):
post =blog.objects.get(slug=slug)
if request.method == 'POST':
form = CommentForm(request.POST)
if form.is_valid():
comment = form.save(commit=False)
comment.post = post
comment.save()
return redirect('post_detail', slug=post.slug)
else:
form = CommentForm()
return render(request,'blog_detail.html',{'post':post ,'form': form})
def writeblog(request):
if request.method == "POST":
form=Blogform(request.POST)
if form.is_valid():
try:
form.save()
return redirect('/')
except:
pass
else:
form=Blogform()
return render(request,"write.html",{'form':form})
def edit(request,slug):
edit =blog.objects.get(slug=slug)
return render(request,"edit.html",{'edit':edit})
def update(request,slug):
edit = blog.objects.get(slug=slug)
form = Blogform(request.POST, instance=edit)
if form.is_valid():
form.save()
return redirect("/")
return render(request, 'update.html', {"edit" :edit})
def delete(request,slug):
delete= blog.objects.get(slug=slug)
delete.delete()
return redirect('/')
//// это мой шаблон
{% extends "base.html" %}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>blog</title>
</head>
<body>
{%block content%}
<div class="container">
<div class="d-flex align-items-center col-lg-12 col-md-12 col-sm-10 flex-column">
{% for blogs in blogs %}
<div style="width:100%;" class="border mt-3 border-secondary rounded">
<div class="container">
<h2 style="font-size:35px;" class="mr-auto rounded bg-secondary mt-2 pl-3 pb-2 pt-1 ">{{blogs.title}}</h2>
</div>
<small style="margin-left:4%;margin-bottom:4px;">posted at {{blogs.date_added}}</small>
<p style="margin-left:4%;margin-bottom:4px;"><strong>{{blogs.intro}}</strong></p>
<a style="margin-left:90%;" href="{% url 'post_detail' blogs.slug %}">Read more</a>
</div>
{% endfor %}
</div>
</div>
<a class="btn btn-primary" data-bs-toggle="offcanvas" href="#toggle" role="button" aria-controls="sidebar">
Link with href
</a>
<div class="offcanvas offcanvas-start" id="toggle">
<div class="offcanvas-header">
<h5 class="offcanvas-title"> Hello This is my offcanvas</h5>
<button type="button" class="btn-close" aria-label="sidebar-lable" data-bs-dismiss="offcanvas" ></button>
</div>
<div class="offcanvas-body">
<p>
this is the body of the offcanvas that i made just five minutes ago .
hello again
bye .
</p>
<form class="form-group ">
<label>Type your name</label>
<input placeholder="your name" class="form-control" type="text"><br>
<input type="submit" class="btn btn-outline-success">
</form>
</div>
</div>
{%endblock%}
</body>
</html>
мои урлы
from django.urls import path
from . import views
urlpatterns=[
path('signup',views.signup1,name="signup"),
path('login',views.login,name="login"),
path('logout',views.logout,name="logout"),
path('',views.blog1,name="blog"),
path('write',views.writeblog,name='write')
]
мои модели
from django.db import models
# Create your models here.
class signup(models.Model):
Realname = models.CharField(max_length=100)
Username = models.CharField(max_length=100)
sEmail = models.EmailField(max_length=150)
sPassword = models.CharField(max_length=250)
class Meta:
db_table ="Signupusers"
def __str__(self):
return self.Realname
class blog(models.Model):
title =models.CharField(max_length=250)
slug =models.SlugField()
intro =models.TextField()
body= models.TextField()
writer=models.TextField()
date_added=models.DateTimeField(auto_now_add=True)
class Meta:
db_table="blog1"
ordering =['-date_added']
def __str__(self):
return self.title
class Comment(models.Model):
post = models.ForeignKey(blog, related_name='comments', on_delete=models.CASCADE)
name = models.CharField(max_length=255)
email = models.EmailField()
body = models.TextField()
date_added = models.DateTimeField(auto_now_add=True)
class Meta:
db_table="comments"
ordering = ['date_added']