Django модель базы данных авторизация
Здравствуйте, я пытаюсь создать приложение todo, в котором пользователь может войти и зарегистрироваться. Все мои пользователи смогут получить доступ к другим "задачам", просто изменив id "задачи" в url. Скажем, у testuser1 есть 3 задачи в базе данных, а именно /task/1/ , /task/2/ и /task/3 у testuser2 есть 2 /task/4/ и /task/5/. Когда я вхожу в testuser2, я могу просто изменить url на /task/2/ для просмотра задачи от testuser1. Как я могу этого избежать?
models.py `
from django.db import models
from django.contrib.auth.models import User
# Create your models here.
# one user can have many tasks (ONETOMANY)
class Task(models.Model):
priority_status = [
('3', 'Prior'),
('2', 'Medium'),
('1', 'Low'),
]
user = models.ForeignKey(User, on_delete = models.CASCADE,null =True , blank =True)
title = models.CharField(max_length=100)
description = models.TextField(max_length=255, null=True ,blank=True)
priority = models.CharField(max_length=20,choices=priority_status, default='1')
complete = models.BooleanField(default=False)
created = models.DateTimeField(auto_now_add=True)
def __str__(self):
return self.title
class Meta:
ordering = ['complete','-priority']
views.py
`
from django.shortcuts import render ,redirect
from django.views.generic.list import ListView
from django.views.generic.detail import DetailView
from django.views.generic.edit import CreateView, UpdateView,DeleteView, FormView
from django.urls import reverse_lazy
from django.contrib.auth.views import LoginView
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth import login
from .models import Task
# Create your views here.
class Login(LoginView):
template_name = 'base/login.html'
fields = '__all__'
redirect_authenticated_user = True
def get_success_url(self):
return reverse_lazy('tasklist')
class Register(FormView):
template_name = 'base/register.html'
form_class = UserCreationForm
redirect_authenticated_user = True
success_url = reverse_lazy('tasklist')
def form_valid(self,form):
user =form.save()
if user is not None:
login(self.request, user)
return super(Register,self).form_valid(form)
def get(self, *args, **kwargs):
if self.request.user.is_authenticated:
return redirect('tasklist')
return super(Register, self).get(*args, **kwargs)
class TaskList(LoginRequiredMixin, ListView):
model = Task
#default name = {{object_list}}
context_object_name = 'tasks'
def get_context_data(self,**kwargs):
context = super().get_context_data(**kwargs)
context['tasks'] = context['tasks'].filter(user=self.request.user)
context['count'] = context['tasks'].filter(complete=False).count()
search_input = self.request.GET.get('search-area') or ''
if search_input :
context['tasks'] = context['tasks'].filter(title__icontains=search_input)
context['search_input'] = search_input
return context
class TaskDetail(LoginRequiredMixin, DetailView):
model = Task
#default name = {{object}}
context_object_name = 'task'
# default template name = from class name task_detail.html
# template_name = 'base/task.html'
class TaskCreate(LoginRequiredMixin, CreateView):
model = Task
fields = ['title','description','priority','complete']
success_url = reverse_lazy('tasklist')
def form_valid(self, form):
form.instance.user=self.request.user
return super(TaskCreate,self).form_valid(form)
class TaskUpdate(LoginRequiredMixin, UpdateView):
model = Task
fields = '__all__'
success_url = reverse_lazy('tasklist')
class TaskDelete(LoginRequiredMixin, DeleteView):
model = Task
context_object_name = 'task'
success_url = reverse_lazy('tasklist')
`
Я пытался разделить пользователей, настраивая модель пользователя, но результат тот же. Как я могу просто разрешить определенному пользователю определенный api?