login_required() 完成以下工作:
- 如果用户未登录,则重定向到settings.LOGIN_URL,在Query String中传递当前绝对路径。例如: /accounts/login/?next=/polls/3/.
- 如果用户已登录,则正常执行view。在View的代码可假定用户已经登录。
一般,用户成功认证后要重定向到的路径保存在query string的next参数中。如果你想使用其他参数名,login_required()提供了可选的redirect_field_name参数。由于next的值来自请求,自定义的登录视图在重定向之前应校验它指向本站地址。
注意:如果你设置了redirect_field_name,你可能还需要在你的login模板中做相应修改。因为保存重定向路径的模板上下文变量(template context variable)将使用参数 redirect_field_name的值作为key。
login_required() 还提供一个可选的 login_url 参数,用于指定未登录用户被重定向到的登录页面;不指定时使用settings.LOGIN_URL。
注意:login_required修饰符不会检查user的is_active标志位。
访问限制 Limiting access to logged-in users that pass a test
Django提供一种简单的方式来判断用户是否具备某种权限: permission_required() 修饰符
一.login.html
{% extends "base.html" %}
{% block title %} Login {% endblock %}
{% block content %}
{# Login form: posts back to the current URL; csrf_token protects the POST. #}
<form action="." method="POST">
{% csrf_token %}
{{ mensaje }}
{{ form.as_p }}
{# "next" is round-tripped through a hidden field, so the submitted value is client-controlled; the view that receives it must validate it before redirecting. #}
{% if next %}
<input type="hidden" value="{{next}}" name="next">
{% else %}
<input type="hidden" value="/" name="next">
{% endif %}
<button class="btn btn-primary" type="submit"> Login </button>
<h5>Registrarte <a href="/registro/">aquí</a></h5>
</form>
{% endblock %}
二.views.py
from django.shortcuts import render_to_response
from django.template import RequestContext
from demo.apps.ventas.models import producto
from demo.apps.home.forms import ContactForm, LoginForm,RegisterForm
from django.core.mail import EmailMultiAlternatives # Enviamos HTML
from django.contrib.auth.models import User
import django
from demo.settings import URL_LOGIN
from django.contrib.auth import login,logout,authenticate
from django.http import HttpResponseRedirect
# Paginacion en Django
from django.core.paginator import Paginator,EmptyPage,InvalidPage
from django.contrib.auth.decorators import login_required
def index_view(request):
    """Render the public home page; no login is required for this view."""
    contexto = RequestContext(request)
    return render_to_response('home/index.html', context_instance=contexto)
@login_required(login_url=URL_LOGIN)
def about_view(request):
    """Render the "about" page for logged-in users.

    Anonymous users are redirected to URL_LOGIN by the decorator. The
    template receives a fixed message and the running Django version.
    """
    # NOTE(review): the framework version is handed to the template; check
    # that the template does not show it to users who do not need it.
    contexto = {
        'msg': "Esto es un mensaje desde mi vista",
        'version': django.get_version(),
    }
    return render_to_response(
        'home/about.html',
        contexto,
        context_instance=RequestContext(request),
    )
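def productos_view(request, pagina):
    """Render one page of the active products (5 per page).

    Args:
        request: the current HttpRequest.
        pagina: page number taken from the URL; anything that cannot be
            converted to an int falls back to page 1.

    A page number outside the valid range shows the last page instead of
    raising an error.
    """
    # Only products flagged as active are listed.
    lista_prod = producto.objects.filter(status=True)
    paginator = Paginator(lista_prod, 5)  # 5 products per page

    # Catch only conversion failures; the original bare "except:" would
    # also have hidden unrelated errors.
    try:
        page = int(pagina)
    except (TypeError, ValueError):
        page = 1

    try:
        productos = paginator.page(page)
    except (EmptyPage, InvalidPage):
        productos = paginator.page(paginator.num_pages)

    ctx = {'productos': productos}
    return render_to_response(
        'home/productos.html',
        ctx,
        context_instance=RequestContext(request),
    )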
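def singleProduct_view(request, id_prod):
    """Render the detail page of one product together with its categories.

    Args:
        request: the current HttpRequest.
        id_prod: primary key of the product, taken from the URL.

    An id that matches no product produces a 404 response instead of an
    unhandled DoesNotExist (a 500 error page).
    """
    # Function-scope import so this block does not depend on a change to the
    # file's import list.
    from django.shortcuts import get_object_or_404

    # NOTE(review): productos_view lists only status=True products, but this
    # lookup has no such filter, so an inactive product can still be opened
    # by id - confirm whether that is intended.
    prod = get_object_or_404(producto, id=id_prod)
    cats = prod.categorias.all()  # categories of the product that was found
    ctx = {'producto': prod, 'categorias': cats}
    return render_to_response(
        'home/SingleProducto.html',
        ctx,
        context_instance=RequestContext(request),
    )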
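@login_required(login_url=URL_LOGIN)
def contacto_view(request):
    """Show the contact form and e-mail a valid submission to the admin.

    Anonymous users are redirected to URL_LOGIN by the decorator. On a valid
    POST the submitted address and message are sent as an HTML e-mail; the
    template then receives the submitted values and info_enviado=True.
    """
    # Function-scope import so this block does not depend on a change to the
    # file's import list.
    from django.utils.html import escape

    info_enviado = False  # whether the message was sent
    email = ""
    titulo = ""
    texto = ""
    if request.method == "POST":
        formulario = ContactForm(request.POST)
        if formulario.is_valid():
            info_enviado = True
            email = formulario.cleaned_data['Email']
            titulo = formulario.cleaned_data['Titulo']
            texto = formulario.cleaned_data['Texto']

            # The body is sent as text/html, so the user-supplied values are
            # escaped first; otherwise markup typed into the form would be
            # rendered in the recipient's mail client.
            to_admin = 'alexexc2@gmail.com'
            html_content = "Informacion recibida de [%s] <br><br><br>***Mensaje****<br><br>%s" % (
                escape(email),
                escape(texto),
            )
            msg = EmailMultiAlternatives('Correo de Contacto', html_content, 'from@server.com', [to_admin])
            msg.attach_alternative(html_content, 'text/html')  # mark the content as HTML
            msg.send()
    else:
        formulario = ContactForm()
    ctx = {
        'form': formulario,
        'email': email,
        'titulo': titulo,
        'texto': texto,
        'info_enviado': info_enviado,
    }
    return render_to_response(
        'home/contacto.html',
        ctx,
        context_instance=RequestContext(request),
    )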
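def login_view(request):
    """Render the login form and authenticate submitted credentials.

    An already authenticated user is sent to '/'. On a successful POST the
    user is logged in and redirected to the submitted "next" path, but only
    when that path points at this site; otherwise the redirect goes to '/'.
    Failed or invalid submissions re-render an empty form with an error
    message where applicable.
    """
    # Function-scope import so this block does not depend on a change to the
    # file's import list. The file uses request.REQUEST, so it targets an
    # older Django release where this helper has this name and signature.
    from django.utils.http import is_safe_url

    if request.user.is_authenticated():
        return HttpResponseRedirect('/')

    mensaje = ""
    if request.method == "POST":
        form = LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            usuario = authenticate(username=username, password=password)
            if usuario is not None and usuario.is_active:
                login(request, usuario)
                # "next" comes from a hidden form field and is therefore
                # client-controlled: redirecting to it unchecked is an open
                # redirect. A missing field also no longer raises.
                destino = request.POST.get('next', '/')
                if not is_safe_url(destino, host=request.get_host()):
                    destino = '/'
                return HttpResponseRedirect(destino)
            else:
                mensaje = "usuario y/o password incorrecto"

    # Pass the requested target back to the template so that it survives the
    # form round trip (the template falls back to "/" when it is empty).
    next_url = request.REQUEST.get('next')
    form = LoginForm()
    ctx = {'form': form, 'mensaje': mensaje, 'next': next_url}
    return render_to_response(
        'home/login.html',
        ctx,
        context_instance=RequestContext(request),
    )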
def logout_view(request):
    """End the current session and send the user back to the home page."""
    # NOTE(review): the request method is not checked here, so a plain GET
    # also logs the user out - confirm this is acceptable for the URL that
    # maps to this view.
    logout(request)
    destino = '/'
    return HttpResponseRedirect(destino)
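def register_view(request):
    """Show the registration form and create the account on a valid POST.

    A valid submission creates the user and renders the thank-you page; a
    GET or an invalid submission renders the form (bound to the submitted
    data in the invalid case, so field errors can be shown).
    """
    form = RegisterForm()
    if request.method == "POST":
        form = RegisterForm(request.POST)
        if form.is_valid():
            usuario = form.cleaned_data['username']
            email = form.cleaned_data['email']
            # NOTE(review): password_two is never compared with password_one
            # in this view; presumably RegisterForm validates that they match
            # - confirm against the form definition.
            password_one = form.cleaned_data['password_one']
            # create_user() hashes the password and saves the new user, so
            # the extra save() call of the original is not needed.
            User.objects.create_user(username=usuario, email=email, password=password_one)
            return render_to_response(
                'home/thanks_register.html',
                context_instance=RequestContext(request),
            )
    # GET and invalid POST share one exit: the original repeated this
    # rendering in a separate else branch.
    ctx = {'form': form}
    return render_to_response(
        'home/register.html',
        ctx,
        context_instance=RequestContext(request),
    )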
三.login.html
{% extends "base.html" %}
{% block title %} Login {% endblock %}
{% block content %}
{# Login form: posts back to the current URL; csrf_token protects the POST. #}
<form action="." method="POST">
{% csrf_token %}
{{ mensaje }}
{{ form.as_p }}
{# "next" is round-tripped through a hidden field, so the submitted value is client-controlled; the view that receives it must validate it before redirecting. #}
{% if next %}
<input type="hidden" value="{{next}}" name="next">
{% else %}
<input type="hidden" value="/" name="next">
{% endif %}
<button class="btn btn-primary" type="submit"> Login </button>
<h5>Registrarte <a href="/registro/">aquí</a></h5>
</form>
{% endblock %}