2
他們可以通過放置帖子ID來繞過鏈接。我不知道如何解決它。如何讓用戶只刪除他們在Django中創建的對象?
/borrar/ID
模板按鈕:
{% if user == post.user %}
<a class="close pull-right" href="{% url 'post_borrar' post.id %}"><span aria-hidden="true">×</span></a>
{% endif %}
模板帖子/ posts_mod_borrar.html:
<form method="post">
{% csrf_token %}
¿Estás seguro que deseas borrar el post "{{ object }}"?
<input type="submit" value="Submit" />
</form>
views.py
class PostDeleteView(generic.DeleteView):
model = Post
template_name = 'posts/posts_mod_borrar.html'
success_url = reverse_lazy('timeline')
model.py
class Post(models.Model):
user = models.ForeignKey(User, on_delete=models.CASCADE)
texto = models.CharField(max_length=200)
imagen = models.ImageField(upload_to='posts', blank=True)
video = models.URLField(blank=True)
creado = models.DateTimeField(auto_now_add=True)
actualizado = models.DateTimeField(auto_now=True)
class Meta:
ordering = ["-creado"]
def __str__(self):
return self.texto
感謝你爲這個響應速度快,它很有用! –