装饰器@login_required用于函数,不可作用与类,LoginRequiredMixin用于类 可采用django.contrib.auth提供的两个混合类限制对视图的访问,具体如下: LoginRequiredMixin: 复制login_required装饰器的各项功能 PermissionRequiredMixin: 将视图访问权限授予具有特定权限的用户。注意,超级用户自动拥有全部权限。装饰器@permission_required用法类似login_required 示例:
from django. contrib. auth. mixins import LoginRequiredMixin, PermissionRequiredMixin
from django. shortcuts import render
from django. urls import reverse_lazy
from django. views. generic import ListView, CreateView, UpdateView, DeleteView
from courses. models import Course
class ManageCourseListView ( ListView) :
model = Course
template_name = 'courses/manage/course/list.html'
def get_queryset ( self) :
qs = super ( ManageCourseListView, self) . get_queryset( )
return qs. filter ( owner= self. request. user)
class OwnerMixin ( object ) :
def get_queryset ( self) :
qs = super ( OwnerMixin, self) . get_queryset( )
return qs. filter ( owner= self. request. user)
class OwnerEditMixin ( object ) :
def form_valid ( self, form) :
form. instance. owner = self. request. user
return super ( OwnerEditMixin, self) . form_valid( form)
class OwnerCourseMixin ( OwnerMixin, LoginRequiredMixin) :
model = Course
fields = [ 'subject' , 'title' , 'slug' , 'overview' ]
success_url = reverse_lazy( 'manage_course_list' )
class OwnerCourseEditMixin ( OwnerCourseMixin, OwnerEditMixin) :
fields = [ 'subject' , 'title' , 'slug' , 'overview' ]
success_url = reverse_lazy( 'manage_course_list' )
template_name = 'courses/manage/course/form.html'
class ManageCourseListView ( OwnerCourseMixin, ListView) :
template_name = 'courses/manage/course/list.html'
class CourseCreateView ( PermissionRequiredMixin, OwnerCourseEditMixin, CreateView) :
permission_required = 'courses.add_course'
class CourseUpdateView ( PermissionRequiredMixin, OwnerCourseMixin, UpdateView) :
permission_required = 'courses.change_course'
class CourseDeleteView ( PermissionRequiredMixin, OwnerCourseMixin, DeleteView) :
template_name = 'courses/manage/course/delete.html'
success_url = reverse_lazy( 'manage_course_list' )
permission_required = 'courses.delete_course'